Trojan.KillProc2.25195

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\eq7k2xcxt 8ok6yf mzwpstr8n [milf] girly .rar.exe
%ProgramFiles%\dvd maker\shared\ [free] cock boots (gina).zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\xakmpl wep6b08 big latex .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\zc8giv9 xakmpl uncut 779mipj .zip.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\upfgetx bd1l5ir xxx [bangbus] nmibe2 .rar.exe
%ProgramFiles%\microsoft office\templates\8r3baiec yzw1afy horse girls cock lady (g6u8n4r,c4w8hqa).mpg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\ddqayq apv53deiq9fw 8pfmdyy .zip.exe
%ProgramFiles%\windows journal\templates\s2fkave horse bq4kno legs fishy (sandy).mpg.exe
%ProgramFiles%\windows sidebar\shared gadgets\z1qxwcd nom72kl 7vepaqjm hole .rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\xakmpl [free] zmc8ujp .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\jxaglwti lpcu5ai3 bd1l5ir bq4kno sm .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\zc8giv9 porn h93bklf apv53deiq9fw latex .zip.exe
%CommonProgramFiles(x86)%\microsoft shared\f07qtt porn lpcu5ai3 uncut .mpeg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\7b6fhxi xxx nom72kl vjq39c1gwy nrb42wq .mpg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\black 7nd83wovj big .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\0287zh 7nd83wovj uncut hairy .zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\zc8giv9 xakmpl wep6b08 bq4kno ash .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\4h1e2a346 sperm w6csjja14n1 big 6tl9zg0uqa (jenna).avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\xakmpl vjq39c1gwy ash (sonja,rdl1tfkz).mpeg.exe
%ALLUSERSPROFILE%\templates\gzn4ud7e gay big rv0y8n .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 h93bklf yzw1afy [milf] 40+ .rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\7nd83wovj mzwpstr8n hot (!) fw58kpr41ob1w .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\viaz50 l9hwcs7vvnphd9 .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\0287zh tsomq34 gay girls ae2sd7u4xh (dxocjwba).mpg.exe
%ALLUSERSPROFILE%\templates\gzn4ud7e horse ddqayq 7vepaqjm .avi.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\f07qtt xakmpl girls ash 50+ .rar.exe
C:\users\default\appdata\local\temp\ [milf] .mpg.exe
C:\users\default\appdata\local\<INETFILES>\gzn4ud7e xxx nude uncut .zip.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\8r3baiec porn nom72kl big boobs 50+ (liz).rar.exe
C:\users\default\templates\f07qtt 8ok6yf nude hot (!) (jenna).mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\upfgetx ddqayq [free] young (sarah,sarah).avi.exe
%TEMP%\ yzw1afy big ash .avi.exe
%LOCALAPPDATA%\<INETFILES>\fac71w2 mzwpstr8n epyxwn (sarah).mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\yzw1afy apv53deiq9fw .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\horse l9hwcs7vvnphd9 titts .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\4h1e2a346 sperm beast nom72kl glans .zip.exe
%APPDATA%\microsoft\templates\f1i7cm tsomq34 uncut qq6w54yfhtqrbwcslg .avi.exe
%APPDATA%\microsoft\windows\templates\f1i7cm beast nude hot (!) (sandy).avi.exe
%APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\fac71w2 wep6b08 7vepaqjm kfp2yqq lady (sandy,dxocjwba).zip.exe
%APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\eq7k2xcxt mzwpstr8n [free] legs .avi.exe
%HOMEPATH%\templates\black yzw1afy mzwpstr8n sgu4m7oc nrb42wq .mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\z9z7rwe yzw1afy ihthd33 nrb42wq (haj1oyikd).avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\7b6fhxi xakmpl ddqayq 7vepaqjm mg9fvb2xk9 (jenna,hyo87il).mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt horse ihthd33 .avi.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\sperm vjq39c1gwy shoes .zip.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\zc8giv9 7nd83wovj l9hwcs7vvnphd9 kfp2yqq ol6p1tua .zip.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\z9z7rwe w6csjja14n1 hot (!) 50+ .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f1i7cm horse horse big legs 8bgkvshe1 (dxocjwba).rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\beast 7vepaqjm hairy .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\jxaglwti h93bklf girls rv0y8n (c4w8hqa,sonja).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\s2fkave 8ok6yf hot (!) eigt45 .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\4h1e2a346 big ash sgoibhh .mpg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\0287zh lpcu5ai3 tsomq34 [bangbus] (haj1oyikd).avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\cum nude uncut glans 40+ (liz).rar.exe
%WINDIR%\assembly\temp\f07qtt 8ok6yf uncut legs sgoibhh (sandy,gina).mpg.exe
%WINDIR%\assembly\tmp\ikdyfwhy xakmpl 7vepaqjm .rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\viaz50 sperm vjq39c1gwy (2hbt8wr,hyo87il).mpeg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\cum lpcu5ai3 girls nrb42wq .avi.exe
%WINDIR%\pla\templates\jxaglwti mzwpstr8n wep6b08 [milf] girly .avi.exe
%WINDIR%\security\templates\z9z7rwe wep6b08 mzwpstr8n 7vepaqjm feet .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\xakmpl vjq39c1gwy rv0y8n (hyo87il).avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\s2fkave w6csjja14n1 [free] 40+ .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\jxaglwti nom72kl w6csjja14n1 l9hwcs7vvnphd9 .rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\jxaglwti xakmpl sgu4m7oc ejn547rbxhd1 (2hbt8wr).mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\nude ihthd33 b37oavmx289 .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\7nd83wovj ihthd33 feet (g6u8n4r,karin).mpg.exe
%WINDIR%\syswow64\config\systemprofile\nude cum 7vepaqjm .mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\s2fkave horse nom72kl epyxwn cock zn3tvn .rar.exe
%WINDIR%\syswow64\fxstmp\xxx sgu4m7oc hotel .zip.exe
%WINDIR%\syswow64\ime\shared\s2fkave h93bklf nom72kl (sarah,sonja).avi.exe
%WINDIR%\syswow64\config\systemprofile\nom72kl 8ok6yf bq4kno wifey .mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\8r3baiec nude big .zip.exe
%WINDIR%\syswow64\fxstmp\horse hot (!) sgoibhh .zip.exe
%WINDIR%\syswow64\ime\shared\s2fkave hot (!) ae2sd7u4xh .zip.exe
%WINDIR%\temp\mzwpstr8n yzw1afy girls sweet .rar.exe
%WINDIR%\winsxs\installtemp\4h1e2a346 xakmpl epyxwn hole .avi.exe
<Current directory>\sqjaed7r1vnw
%CommonProgramFiles%\microsoft shared\yzw1afy 7vepaqjm (y8oxsqa).zip.exe
%CommonProgramFiles%\microsoft shared\black porn lpcu5ai3 sgu4m7oc ejn547rbxhd1 .avi.exe
%ProgramFiles%\dvd maker\shared\yzw1afy bq4kno glans lady .mpeg.exe
%ProgramFiles%\dvd maker\shared\tsomq34 bq4kno (cy4xpd).avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\eq7k2xcxt 8ok6yf tsomq34 epyxwn zn3tvn .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\f07qtt 7nd83wovj mzwpstr8n ihthd33 titts lady .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\lpcu5ai3 ihthd33 titts .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\lpcu5ai3 uncut 6tl9zg0uqa .rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\xxx nom72kl shoes .avi.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\f1i7cm xakmpl yzw1afy girls hole lady .zip.exe
%ProgramFiles%\microsoft office\templates\f07qtt xakmpl lpcu5ai3 l9hwcs7vvnphd9 (dxocjwba).rar.exe
%ProgramFiles%\microsoft office\templates\ [bangbus] (g6u8n4r).avi.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\lpcu5ai3 girls cock .mpg.exe
%ProgramFiles%\windows journal\templates\upfgetx horse beast uncut titts .mpeg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\mzwpstr8n vjq39c1gwy glans ol6p1tua (karin).mpg.exe
%ProgramFiles%\windows journal\templates\8r3baiec 7nd83wovj sperm [bangbus] .avi.exe
%ProgramFiles%\windows sidebar\shared gadgets\horse ihthd33 lzxyhb7k .mpeg.exe
%ProgramFiles%\windows sidebar\shared gadgets\black cum beast [milf] feet balls (jade).avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\xxx [free] hole balls .rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\f07qtt 8ok6yf nom72kl [free] nmibe2 .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ epyxwn glans 40+ (sarah).mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\gzn4ud7e h93bklf gay hot (!) .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\upfgetx 7nd83wovj nom72kl nom72kl nrb42wq .avi.exe
%CommonProgramFiles(x86)%\microsoft shared\s2fkave nude beast [milf] .rar.exe
%CommonProgramFiles(x86)%\microsoft shared\upfgetx wep6b08 xxx l9hwcs7vvnphd9 (karin).mpg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black horse sperm [free] ae2sd7u4xh (sonja,liz).zip.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\gay 7vepaqjm feet boots .zip.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt porn lpcu5ai3 [milf] .mpeg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\beast [bangbus] fw58kpr41ob1w .zip.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e wep6b08 mzwpstr8n ihthd33 cock .avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\f07qtt w6csjja14n1 sperm uncut eigt45 .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\upfgetx cum nom72kl apv53deiq9fw sgoibhh .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe horse gay [milf] gh5b6gd7wrv .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\beast vjq39c1gwy girly .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx horse mnho9y54 epyxwn 50+ .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\s2fkave h93bklf mnho9y54 [bangbus] glans lzxyhb7k (karin).mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\horse bq4kno gh5b6gd7wrv .avi.exe
%ALLUSERSPROFILE%\templates\mnho9y54 apv53deiq9fw .mpg.exe
%ALLUSERSPROFILE%\templates\black h93bklf nom72kl uncut feet ash .mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt cum nom72kl vjq39c1gwy qx2j1b5 .mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\tsomq34 7vepaqjm (2hbt8wr).rar.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\gay uncut 50+ .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\f1i7cm h93bklf gay uncut rv0y8n .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\8r3baiec horse xxx uncut wifey .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\lpcu5ai3 epyxwn cock .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f1i7cm 7nd83wovj nom72kl uncut titts gh5b6gd7wrv .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\xxx [milf] titts boots .mpeg.exe
%ALLUSERSPROFILE%\templates\mnho9y54 uncut ejn547rbxhd1 .mpeg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt bd1l5ir tsomq34 vjq39c1gwy feet .mpg.exe
%ALLUSERSPROFILE%\templates\gay [free] fishy .rar.exe
C:\users\default\appdata\local\temp\f1i7cm porn yzw1afy big fishy .mpg.exe
C:\users\default\appdata\local\<INETFILES>\horse bq4kno .rar.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\black cum uncut (jade).mpg.exe
C:\users\default\appdata\local\temp\gay uncut .mpeg.exe
C:\users\default\templates\4h1e2a346 beast bq4kno sm .zip.exe
C:\users\default\appdata\local\<INETFILES>\nom72kl sgu4m7oc (c4w8hqa).zip.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\xxx l9hwcs7vvnphd9 (karin).avi.exe
C:\users\default\templates\gzn4ud7e wep6b08 beast bq4kno cock ash .zip.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\black w6csjja14n1 gay bq4kno hole zmc8ujp .mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\tsomq34 l9hwcs7vvnphd9 latex (36mho73,c4w8hqa).zip.exe
%TEMP%\8r3baiec porn tsomq34 l9hwcs7vvnphd9 (sarah).avi.exe
%TEMP%\eq7k2xcxt w6csjja14n1 beast [free] hole .rar.exe
%LOCALAPPDATA%\<INETFILES>\beast [milf] sm (36mho73,cy4xpd).zip.exe
%LOCALAPPDATA%\<INETFILES>\nom72kl hot (!) zn3tvn .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\lpcu5ai3 girls fw58kpr41ob1w .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\black wep6b08 mzwpstr8n uncut .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\black h93bklf horse epyxwn zmc8ujp .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\black 7nd83wovj nom72kl [bangbus] boots .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\tsomq34 sgu4m7oc qx2j1b5 .zip.exe
%LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\8r3baiec porn nom72kl ihthd33 8bgkvshe1 (sandy,sarah).rar.exe
%APPDATA%\microsoft\templates\xxx [milf] glans nmibe2 .rar.exe
%APPDATA%\microsoft\templates\ big hotel .rar.exe
%APPDATA%\microsoft\windows\templates\f1i7cm horse mnho9y54 nom72kl (jade).avi.exe
%APPDATA%\microsoft\windows\templates\upfgetx wep6b08 xxx epyxwn ejn547rbxhd1 .mpg.exe
%APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\z9z7rwe w6csjja14n1 bq4kno .mpg.exe
%APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\z9z7rwe w6csjja14n1 nom72kl sgu4m7oc cock .rar.exe
%APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\z9z7rwe nude beast l9hwcs7vvnphd9 .mpg.exe
%HOMEPATH%\templates\f1i7cm ddqayq mnho9y54 vjq39c1gwy eigt45 .rar.exe
%APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\f07qtt 7nd83wovj tsomq34 epyxwn gh5b6gd7wrv .mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\eq7k2xcxt wep6b08 sgu4m7oc nrb42wq .mpeg.exe
%HOMEPATH%\templates\f1i7cm cum mnho9y54 ihthd33 (2hbt8wr).rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\nom72kl sgu4m7oc lady (sandy,cy4xpd).rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\yzw1afy ihthd33 sm .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\fac71w2 wep6b08 nom72kl vjq39c1gwy glans ol6p1tua (g6u8n4r).mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mzwpstr8n nom72kl fw58kpr41ob1w .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\gzn4ud7e 8ok6yf beast 7vepaqjm 6tl9zg0uqa .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\black xakmpl mnho9y54 sgu4m7oc (jade).zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\mzwpstr8n bq4kno hole lzxyhb7k .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\tsomq34 uncut girly .rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\gzn4ud7e h93bklf lpcu5ai3 epyxwn feet girly .avi.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\f1i7cm bd1l5ir horse apv53deiq9fw gsva2xn .rar.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\upfgetx porn xxx uncut eigt45 .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\f07qtt 7nd83wovj mnho9y54 hot (!) hole .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\eq7k2xcxt cum gay nom72kl 8bgkvshe1 .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\z9z7rwe xakmpl gay [milf] ol6p1tua (haj1oyikd,sarah).mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f07qtt porn tsomq34 [bangbus] girly .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\z9z7rwe xakmpl mnho9y54 apv53deiq9fw titts .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\black ddqayq nom72kl 7vepaqjm lady .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\sperm [milf] cock lzxyhb7k .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\gzn4ud7e w6csjja14n1 lpcu5ai3 ihthd33 8pfmdyy .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\lpcu5ai3 big cock .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\f1i7cm 7nd83wovj gay l9hwcs7vvnphd9 lady .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\horse 7vepaqjm cock .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\black porn sperm apv53deiq9fw glans 779mipj .zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\yzw1afy [free] hole qx2j1b5 .rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\ uncut feet (sonja,y8oxsqa).zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\z9z7rwe h93bklf lpcu5ai3 girls .mpeg.exe
%WINDIR%\assembly\temp\4h1e2a346 sperm uncut cock lzxyhb7k (sarah).avi.exe
%WINDIR%\assembly\temp\z9z7rwe porn mnho9y54 ihthd33 cock sgoibhh .zip.exe
%WINDIR%\assembly\tmp\black w6csjja14n1 gay big rv0y8n .rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\8r3baiec wep6b08 vjq39c1gwy hole ash (liz).zip.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\tsomq34 vjq39c1gwy (cy4xpd).rar.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\f07qtt h93bklf mnho9y54 l9hwcs7vvnphd9 ae2sd7u4xh .mpg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\yzw1afy big fw58kpr41ob1w .mpeg.exe
%WINDIR%\pla\templates\fac71w2 wep6b08 gay girls (sarah).rar.exe
%WINDIR%\pla\templates\upfgetx porn horse [free] zmc8ujp .mpeg.exe
%WINDIR%\security\templates\fac71w2 ddqayq beast [free] cock girly (jade).zip.exe
%WINDIR%\security\templates\xxx big 779mipj .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n [milf] gsva2xn .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\z9z7rwe w6csjja14n1 sperm apv53deiq9fw .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe xakmpl nom72kl apv53deiq9fw lzxyhb7k .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\eq7k2xcxt cum gay epyxwn .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\eq7k2xcxt horse beast [milf] cock latex .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\eq7k2xcxt wep6b08 sperm [bangbus] glans ejn547rbxhd1 .zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\nom72kl vjq39c1gwy feet 6tl9zg0uqa .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe 7nd83wovj xxx 7vepaqjm .zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\s2fkave porn nom72kl hole .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\horse girls titts .rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\s2fkave horse mzwpstr8n vjq39c1gwy zmc8ujp (jenna,jade).mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\8r3baiec w6csjja14n1 mzwpstr8n vjq39c1gwy gh5b6gd7wrv .rar.exe
%WINDIR%\syswow64\config\systemprofile\lpcu5ai3 l9hwcs7vvnphd9 cock ol6p1tua .avi.exe
%WINDIR%\syswow64\config\systemprofile\f1i7cm horse nom72kl 7vepaqjm (c4w8hqa).mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\fac71w2 bd1l5ir nom72kl apv53deiq9fw feet balls .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f07qtt 7nd83wovj lpcu5ai3 big sweet .mpg.exe
%WINDIR%\syswow64\fxstmp\z1qxwcd mnho9y54 vjq39c1gwy ol6p1tua .zip.exe
%WINDIR%\syswow64\fxstmp\eq7k2xcxt xakmpl mnho9y54 l9hwcs7vvnphd9 hole 50+ .mpg.exe
%WINDIR%\syswow64\ime\shared\s2fkave ddqayq tsomq34 7vepaqjm hole .mpg.exe
%WINDIR%\syswow64\ime\shared\black w6csjja14n1 lpcu5ai3 l9hwcs7vvnphd9 glans .rar.exe
%WINDIR%\syswow64\config\systemprofile\eq7k2xcxt wep6b08 yzw1afy bq4kno (2hbt8wr).mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\4h1e2a346 xxx hot (!) fw58kpr41ob1w .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\beast nom72kl feet girly .zip.exe
%WINDIR%\syswow64\fxstmp\beast big .avi.exe
%WINDIR%\syswow64\fxstmp\f07qtt xakmpl beast nom72kl glans young .avi.exe
%WINDIR%\syswow64\ime\shared\nom72kl big nrb42wq .rar.exe
%WINDIR%\syswow64\ime\shared\upfgetx w6csjja14n1 lpcu5ai3 [bangbus] titts gh5b6gd7wrv .mpeg.exe
%WINDIR%\temp\8r3baiec w6csjja14n1 gay l9hwcs7vvnphd9 titts .mpg.exe
%WINDIR%\temp\yzw1afy nom72kl .mpeg.exe
%WINDIR%\winsxs\installtemp\7nd83wovj tsomq34 epyxwn .avi.exe
%WINDIR%\winsxs\installtemp\ddqayq mnho9y54 7vepaqjm hole .avi.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial