Trojan.KillProc2.25366

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\ddqayq tsomq34 sgu4m7oc 50+ .mpg.exe
%ProgramFiles%\dvd maker\shared\nom72kl sperm bq4kno boobs ae2sd7u4xh (cy4xpd,karin).mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\black bd1l5ir uncut .rar.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\nude 8ok6yf l9hwcs7vvnphd9 girly .mpg.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\8r3baiec uncut .rar.exe
%ProgramFiles%\microsoft office\templates\lpcu5ai3 horse uncut jxqgtp 8pfmdyy .mpg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\fac71w2 wep6b08 w6csjja14n1 nom72kl .rar.exe
%ProgramFiles%\windows journal\templates\8r3baiec ddqayq ihthd33 hotel .mpeg.exe
%ProgramFiles%\windows sidebar\shared gadgets\7nd83wovj mzwpstr8n uncut girly .rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\jxaglwti wep6b08 sperm uncut ash .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\zc8giv9 beast xakmpl uncut .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\mnho9y54 horse sgu4m7oc ejn547rbxhd1 .zip.exe
%CommonProgramFiles(x86)%\microsoft shared\tsomq34 w6csjja14n1 girls .zip.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\bd1l5ir porn epyxwn (36mho73).rar.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\wep6b08 uncut ash .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\0287zh yzw1afy l9hwcs7vvnphd9 legs gsva2xn .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt mzwpstr8n sgu4m7oc boots .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\nom72kl ddqayq [milf] .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\f07qtt lpcu5ai3 [bangbus] kfp2yqq fw58kpr41ob1w .avi.exe
%ALLUSERSPROFILE%\templates\yzw1afy apv53deiq9fw ash 8pfmdyy .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e bd1l5ir wep6b08 girls .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\4h1e2a346 cum apv53deiq9fw legs .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\nude [free] balls .avi.exe
%ALLUSERSPROFILE%\templates\asian ddqayq [free] .zip.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\upfgetx horse ihthd33 mg9fvb2xk9 .avi.exe
C:\users\default\appdata\local\temp\8r3baiec mzwpstr8n 8ok6yf nom72kl lzxyhb7k .rar.exe
C:\users\default\appdata\local\<INETFILES>\f07qtt 7nd83wovj mnho9y54 [bangbus] fw58kpr41ob1w .rar.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\8r3baiec 8ok6yf 8ok6yf big latex (jade,36mho73).avi.exe
C:\users\default\templates\w6csjja14n1 lpcu5ai3 [bangbus] .rar.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\7nd83wovj hot (!) ae2sd7u4xh .zip.exe
%TEMP%\7nd83wovj nom72kl (c4w8hqa,jade).mpg.exe
%LOCALAPPDATA%\<INETFILES>\eq7k2xcxt nom72kl sperm [milf] gsva2xn .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\fac71w2 nude uncut kfp2yqq lzxyhb7k .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\xxx big .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\w6csjja14n1 uncut ash ejn547rbxhd1 .zip.exe
%APPDATA%\microsoft\templates\z1qxwcd nude porn big (sonja).rar.exe
%APPDATA%\microsoft\windows\templates\8r3baiec horse girls .mpg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\yzw1afy hot (!) jxqgtp (sandy,liz).zip.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\tsomq34 nom72kl 7vepaqjm .rar.exe
%HOMEPATH%\templates\0287zh mnho9y54 porn apv53deiq9fw sweet .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\z9z7rwe wep6b08 sperm vjq39c1gwy glans .mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\zc8giv9 tsomq34 bq4kno js80j73 .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\w6csjja14n1 girls nrb42wq .mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\bd1l5ir beast l9hwcs7vvnphd9 nmibe2 (haj1oyikd,karin).avi.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\wep6b08 nude big hole gsva2xn (gina,2hbt8wr).avi.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\xxx [bangbus] lady (haj1oyikd,hyo87il).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\black mzwpstr8n uncut lzxyhb7k .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\ cum uncut .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec porn [bangbus] glans zn3tvn .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\eq7k2xcxt 7nd83wovj w6csjja14n1 big (cy4xpd).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\black wep6b08 8ok6yf apv53deiq9fw hole fishy .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\cum apv53deiq9fw cock .mpg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\horse ddqayq vjq39c1gwy .mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\black gay horse ihthd33 .mpg.exe
%WINDIR%\assembly\temp\xxx hot (!) cock qx2j1b5 (haj1oyikd,sandy).mpeg.exe
%WINDIR%\assembly\tmp\mnho9y54 xxx sgu4m7oc ash .mpeg.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\eq7k2xcxt horse sperm vjq39c1gwy (jenna,sonja).mpg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\zc8giv9 horse uncut 40+ .mpeg.exe
%WINDIR%\pla\templates\ddqayq bq4kno cock fw58kpr41ob1w .mpg.exe
%WINDIR%\security\templates\8r3baiec mnho9y54 tsomq34 uncut sm .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z1qxwcd horse 8ok6yf [free] titts lady .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\h93bklf [milf] legs lzxyhb7k (2hbt8wr,36mho73).rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\horse h93bklf apv53deiq9fw (sarah).avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\xakmpl beast ihthd33 .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\horse apv53deiq9fw young .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\7b6fhxi beast bd1l5ir uncut legs b37oavmx289 (y8oxsqa).zip.exe
%WINDIR%\syswow64\config\systemprofile\4h1e2a346 w6csjja14n1 h93bklf uncut nmibe2 .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave sperm bq4kno 779mipj .avi.exe
%WINDIR%\syswow64\fxstmp\f07qtt 8ok6yf epyxwn .zip.exe
%WINDIR%\syswow64\config\systemprofile\asian ddqayq bd1l5ir l9hwcs7vvnphd9 (hyo87il).avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\beast uncut sm (cy4xpd,jade).avi.exe
%WINDIR%\syswow64\fxstmp\zc8giv9 yzw1afy h93bklf [bangbus] eigt45 .avi.exe
%WINDIR%\syswow64\ime\shared\cum porn hot (!) qx2j1b5 (jade).mpeg.exe
%WINDIR%\winsxs\installtemp\7nd83wovj big latex .zip.exe
<Current directory>\sqjaed7r1vnw
%CommonProgramFiles%\microsoft shared\s2fkave nude lpcu5ai3 epyxwn cock .zip.exe
%ProgramFiles%\dvd maker\shared\lpcu5ai3 uncut ae2sd7u4xh .zip.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial