Trojan.KillProc2.25319

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\fac71w2 gay mnho9y54 apv53deiq9fw 8bgkvshe1 .rar.exe
%ProgramFiles%\dvd maker\shared\f1i7cm 8ok6yf xakmpl bq4kno cock .mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\f1i7cm w6csjja14n1 horse big .avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\zc8giv9 xakmpl lpcu5ai3 nom72kl .avi.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\ikdyfwhy w6csjja14n1 hot (!) .zip.exe
%ProgramFiles%\microsoft office\templates\beast big ash (jade,gina).avi.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\eq7k2xcxt horse [milf] jxqgtp 6tl9zg0uqa .mpg.exe
%ProgramFiles%\windows journal\templates\asian wep6b08 hot (!) .rar.exe
%ProgramFiles%\windows sidebar\shared gadgets\ikdyfwhy beast big glans (sonja,sonja).rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\ girls hole qx2j1b5 (dehod0).rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\8r3baiec porn [milf] rv0y8n (hyo87il).mpeg.exe
%CommonProgramFiles(x86)%\microsoft shared\upfgetx mnho9y54 uncut ash shoes .mpeg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\horse girls .mpeg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\s2fkave horse girls wifey .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e ddqayq bq4kno legs young .mpg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\0287zh sperm nom72kl bq4kno cock .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\ddqayq horse [bangbus] gh5b6gd7wrv .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\asian sperm l9hwcs7vvnphd9 sm .mpg.exe
%ALLUSERSPROFILE%\templates\mzwpstr8n mnho9y54 [free] qx2j1b5 .zip.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\viaz50 wep6b08 vjq39c1gwy hole (sonja).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\wep6b08 nom72kl hot (!) lady (sandy,dehod0).avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx 7nd83wovj sgu4m7oc titts .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\xxx beast nom72kl gh5b6gd7wrv .rar.exe
%ALLUSERSPROFILE%\templates\f07qtt mzwpstr8n gay apv53deiq9fw mg9fvb2xk9 (liz,dehod0).mpeg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ikdyfwhy bd1l5ir ihthd33 rv0y8n .mpeg.exe
C:\users\default\appdata\local\temp\mzwpstr8n xxx bq4kno .zip.exe
C:\users\default\appdata\local\<INETFILES>\xakmpl sperm ihthd33 feet shoes .mpeg.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\sperm nom72kl nom72kl .zip.exe
C:\users\default\templates\gzn4ud7e beast sgu4m7oc .rar.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\asian 7nd83wovj beast apv53deiq9fw ash rv0y8n .mpg.exe
%TEMP%\f07qtt cum uncut qx2j1b5 .mpg.exe
%LOCALAPPDATA%\<INETFILES>\upfgetx 7nd83wovj ddqayq ihthd33 (hyo87il,y8oxsqa).mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\mnho9y54 uncut feet (karin).rar.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\8ok6yf girls girly (jade).avi.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\f07qtt xxx epyxwn js80j73 .mpeg.exe
%APPDATA%\microsoft\templates\black lpcu5ai3 w6csjja14n1 uncut lady .rar.exe
%APPDATA%\microsoft\windows\templates\f07qtt yzw1afy vjq39c1gwy boobs 40+ (c4w8hqa).avi.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\8ok6yf yzw1afy big feet nmibe2 .rar.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\7b6fhxi xakmpl beast hot (!) gsva2xn .zip.exe
%HOMEPATH%\templates\nude xakmpl apv53deiq9fw titts (c4w8hqa,36mho73).rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\mnho9y54 [milf] shoes .rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\jxaglwti 7nd83wovj big ejn547rbxhd1 .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\black mzwpstr8n yzw1afy 7vepaqjm cock 40+ .rar.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\asian 8ok6yf w6csjja14n1 ihthd33 8bgkvshe1 (sonja,sandy).rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\viaz50 mnho9y54 mnho9y54 7vepaqjm feet .mpg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\black horse sgu4m7oc boobs qq6w54yfhtqrbwcslg .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\jxaglwti w6csjja14n1 horse [bangbus] .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\yzw1afy sgu4m7oc .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\7nd83wovj vjq39c1gwy cock balls .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\tsomq34 apv53deiq9fw ae2sd7u4xh (36mho73,g6u8n4r).zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\jxaglwti beast apv53deiq9fw .mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\eq7k2xcxt tsomq34 porn [free] wifey .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\porn h93bklf big .zip.exe
%WINDIR%\assembly\temp\viaz50 h93bklf ihthd33 eigt45 (y8oxsqa,g6u8n4r).mpg.exe
%WINDIR%\assembly\tmp\f07qtt nom72kl sperm vjq39c1gwy lzxyhb7k (36mho73,haj1oyikd).zip.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\4h1e2a346 cum tsomq34 uncut (hyo87il).mpeg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black ddqayq 7vepaqjm titts .mpg.exe
%WINDIR%\pla\templates\xakmpl cum [bangbus] rv0y8n .zip.exe
%WINDIR%\security\templates\eq7k2xcxt tsomq34 uncut (cy4xpd).zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\7b6fhxi 8ok6yf 8ok6yf bq4kno zmc8ujp (sandy).zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\asian xxx sperm l9hwcs7vvnphd9 cock qq6w54yfhtqrbwcslg .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\z1qxwcd mzwpstr8n h93bklf [bangbus] 8pfmdyy (haj1oyikd,sarah).avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\w6csjja14n1 xakmpl girls gsva2xn (y8oxsqa).rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\horse hot (!) .zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\nude hot (!) fw58kpr41ob1w .mpg.exe
%WINDIR%\syswow64\config\systemprofile\z9z7rwe xxx sgu4m7oc glans (dehod0,36mho73).mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f07qtt lpcu5ai3 horse epyxwn young (dxocjwba,dehod0).mpg.exe
%WINDIR%\syswow64\fxstmp\f1i7cm 8ok6yf sgu4m7oc .mpeg.exe
%WINDIR%\syswow64\ime\shared\0287zh wep6b08 [milf] 40+ .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\upfgetx 8ok6yf gay ihthd33 legs (liz,dxocjwba).zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\ddqayq 7vepaqjm glans 8bgkvshe1 .rar.exe
%WINDIR%\syswow64\fxstmp\nom72kl l9hwcs7vvnphd9 zn3tvn .avi.exe
%WINDIR%\syswow64\ime\shared\w6csjja14n1 girls lzxyhb7k .zip.exe
%WINDIR%\temp\f1i7cm nude yzw1afy hot (!) lady (jenna).avi.exe
%WINDIR%\winsxs\installtemp\zc8giv9 gay sgu4m7oc .zip.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial