Trojan.KillProc2.29863

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\fac71w2 horse bd1l5ir big qx2j1b5 (sarah).mpg.exe
%ProgramFiles%\dvd maker\shared\f07qtt sperm [bangbus] titts eigt45 .rar.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\beast nom72kl .avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\sperm sgu4m7oc hairy .avi.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\sperm bd1l5ir girls titts zn3tvn (sonja,hyo87il).mpeg.exe
%ProgramFiles%\microsoft office\templates\f07qtt mnho9y54 [bangbus] sm (36mho73).avi.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\z1qxwcd ddqayq h93bklf uncut .zip.exe
%ProgramFiles%\windows journal\templates\wpjwijv w6csjja14n1 yzw1afy uncut .mpg.exe
%ProgramFiles%\windows sidebar\shared gadgets\fac71w2 xakmpl gay ihthd33 .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\viaz50 mzwpstr8n uncut legs balls .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\s2fkave sperm hot (!) boots .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\lpcu5ai3 l9hwcs7vvnphd9 .mpg.exe
%CommonProgramFiles(x86)%\microsoft shared\z1qxwcd sperm bq4kno .mpeg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\upfgetx porn wep6b08 ihthd33 ash (sandy,sarah).zip.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\z1qxwcd beast 7vepaqjm ejn547rbxhd1 .mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\porn [free] .zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm xxx wep6b08 7vepaqjm js80j73 .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8ok6yf big 50+ .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\z1qxwcd sperm beast epyxwn legs ejn547rbxhd1 .avi.exe
%ALLUSERSPROFILE%\templates\nom72kl girls hole hotel (g6u8n4r,sonja).mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\black mnho9y54 sgu4m7oc boots (y8oxsqa,sarah).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\gay lpcu5ai3 [bangbus] cock .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\zc8giv9 8ok6yf nude epyxwn boobs 8pfmdyy (haj1oyikd).mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\yzw1afy beast ihthd33 gh5b6gd7wrv .mpg.exe
%ALLUSERSPROFILE%\templates\f07qtt 7nd83wovj apv53deiq9fw legs wifey .mpg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\zc8giv9 nude ddqayq epyxwn (c4w8hqa,sarah).avi.exe
C:\users\default\appdata\local\temp\0287zh 7nd83wovj [free] .mpg.exe
C:\users\default\appdata\local\<INETFILES>\8ok6yf uncut fishy .zip.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\cum uncut mg9fvb2xk9 (jenna,c4w8hqa).mpg.exe
C:\users\default\templates\bd1l5ir tsomq34 [bangbus] legs .mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\cum uncut feet .zip.exe
%TEMP%\s2fkave xakmpl [milf] (2hbt8wr,sandy).rar.exe
%LOCALAPPDATA%\<INETFILES>\viaz50 beast apv53deiq9fw nrb42wq .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\7b6fhxi 8ok6yf ihthd33 .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\z9z7rwe horse girls (sandy,dehod0).avi.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\horse horse sgu4m7oc boots .rar.exe
%APPDATA%\microsoft\templates\0287zh lpcu5ai3 sgu4m7oc hairy (dehod0,karin).zip.exe
%APPDATA%\microsoft\windows\templates\s2fkave 8ok6yf uncut gsva2xn .mpeg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\tsomq34 ddqayq apv53deiq9fw ash (sandy,36mho73).mpeg.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\ikdyfwhy horse girls cock .avi.exe
%HOMEPATH%\templates\xakmpl [milf] .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\xxx ihthd33 boobs ae2sd7u4xh .rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f07qtt xakmpl uncut zmc8ujp (sonja,liz).mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\ikdyfwhy ddqayq w6csjja14n1 big .mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ikdyfwhy gay w6csjja14n1 uncut hole (jenna,hyo87il).mpg.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\z9z7rwe xakmpl big (haj1oyikd).zip.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\ikdyfwhy mnho9y54 mnho9y54 hot (!) titts qq6w54yfhtqrbwcslg .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\upfgetx nom72kl horse uncut gh5b6gd7wrv (sandy).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\7nd83wovj beast [free] sweet .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\h93bklf hot (!) ash .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\ sgu4m7oc cock sm .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\0287zh porn h93bklf vjq39c1gwy .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\xakmpl xakmpl 7vepaqjm zmc8ujp (rdl1tfkz,sandy).rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\asian xxx gay hot (!) cock .rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\ddqayq xakmpl big feet nmibe2 .avi.exe
%WINDIR%\assembly\temp\8r3baiec tsomq34 beast vjq39c1gwy .mpeg.exe
%WINDIR%\assembly\tmp\7b6fhxi sperm gay sgu4m7oc hole .mpg.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\zc8giv9 7nd83wovj xakmpl sgu4m7oc .rar.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black ddqayq 8ok6yf uncut sgoibhh (c4w8hqa).avi.exe
%WINDIR%\pla\templates\z1qxwcd nom72kl l9hwcs7vvnphd9 hole .zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy mzwpstr8n lpcu5ai3 [milf] sgoibhh .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt mzwpstr8n nom72kl .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\cum horse [milf] .zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\8r3baiec cum nude 7vepaqjm kfp2yqq (cy4xpd,jenna).zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\upfgetx gay epyxwn kfp2yqq fw58kpr41ob1w .zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\0287zh mnho9y54 xakmpl [milf] .rar.exe
%WINDIR%\syswow64\config\systemprofile\f1i7cm mnho9y54 yzw1afy big mg9fvb2xk9 .mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy yzw1afy l9hwcs7vvnphd9 .avi.exe
%WINDIR%\syswow64\fxstmp\bd1l5ir nom72kl hot (!) qx2j1b5 .zip.exe
%WINDIR%\syswow64\ime\shared\bd1l5ir uncut .zip.exe
%WINDIR%\syswow64\config\systemprofile\ horse girls .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nude nude [free] jxqgtp zn3tvn .avi.exe
%WINDIR%\syswow64\fxstmp\bd1l5ir sgu4m7oc sgoibhh .avi.exe
%WINDIR%\syswow64\ime\shared\4h1e2a346 yzw1afy nom72kl uncut kfp2yqq nrb42wq .mpeg.exe
%WINDIR%\temp\cum mnho9y54 nom72kl balls .mpeg.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial