Trojan.KillProc2.30276

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\s2fkave h93bklf mzwpstr8n l9hwcs7vvnphd9 sm .avi.exe
%ProgramFiles%\dvd maker\shared\gay uncut js80j73 .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\nom72kl apv53deiq9fw 8bgkvshe1 (gina,sarah).mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\gay uncut .rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\gay [bangbus] hole .avi.exe
%ProgramFiles%\microsoft office\templates\gzn4ud7e xakmpl tsomq34 ihthd33 cock latex .mpg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\tsomq34 big feet sgoibhh .zip.exe
%ProgramFiles%\windows journal\templates\z9z7rwe w6csjja14n1 horse hot (!) titts (gina,c4w8hqa).avi.exe
%ProgramFiles%\windows sidebar\shared gadgets\black 7nd83wovj mnho9y54 [milf] hole 8pfmdyy (c4w8hqa).mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\sperm vjq39c1gwy hole .rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\horse sgu4m7oc (jade).rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\sperm uncut b37oavmx289 (hyo87il,dxocjwba).mpg.exe
%CommonProgramFiles(x86)%\microsoft shared\mzwpstr8n [free] (2hbt8wr).zip.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\xxx apv53deiq9fw latex .avi.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\mnho9y54 uncut .mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\s2fkave w6csjja14n1 sperm hot (!) (2hbt8wr).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\fac71w2 7nd83wovj gay nom72kl qx2j1b5 .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\tsomq34 hot (!) .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\sperm vjq39c1gwy gh5b6gd7wrv .mpg.exe
%ALLUSERSPROFILE%\templates\s2fkave wep6b08 gay 7vepaqjm (c4w8hqa).avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\eq7k2xcxt cum gay big titts nrb42wq (g6u8n4r).mpg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\black wep6b08 sperm ihthd33 feet fishy .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx porn gay [bangbus] nmibe2 .rar.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm ddqayq epyxwn .zip.exe
%ALLUSERSPROFILE%\templates\8r3baiec ddqayq yzw1afy vjq39c1gwy mg9fvb2xk9 .rar.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\s2fkave w6csjja14n1 mzwpstr8n hot (!) .zip.exe
C:\users\default\appdata\local\temp\tsomq34 uncut .mpg.exe
C:\users\default\appdata\local\<INETFILES>\ apv53deiq9fw feet .mpg.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\beast hot (!) latex (sonja,liz).rar.exe
C:\users\default\templates\sperm ihthd33 779mipj (gina,sarah).rar.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\eq7k2xcxt porn tsomq34 hot (!) 8pfmdyy .avi.exe
%TEMP%\nom72kl bq4kno cock mg9fvb2xk9 .avi.exe
%LOCALAPPDATA%\<INETFILES>\horse apv53deiq9fw (g6u8n4r).rar.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\8r3baiec 8ok6yf horse l9hwcs7vvnphd9 zmc8ujp .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\eq7k2xcxt w6csjja14n1 mzwpstr8n vjq39c1gwy .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\mzwpstr8n [bangbus] fishy .mpg.exe
%APPDATA%\microsoft\templates\s2fkave h93bklf tsomq34 [free] feet fw58kpr41ob1w .avi.exe
%APPDATA%\microsoft\windows\templates\eq7k2xcxt w6csjja14n1 sperm girls girly .avi.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\yzw1afy hot (!) cock .rar.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\sperm vjq39c1gwy cock boots (g6u8n4r).mpeg.exe
%HOMEPATH%\templates\black 8ok6yf yzw1afy [free] glans .zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\mzwpstr8n vjq39c1gwy .zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\mnho9y54 7vepaqjm (2hbt8wr).avi.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\mnho9y54 hot (!) lzxyhb7k .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\black 7nd83wovj lpcu5ai3 l9hwcs7vvnphd9 feet js80j73 (c4w8hqa).mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\eq7k2xcxt bd1l5ir tsomq34 sgu4m7oc hole hotel .mpg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\lpcu5ai3 l9hwcs7vvnphd9 .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\gay nom72kl zn3tvn .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\xxx [free] glans zmc8ujp (liz).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\fac71w2 wep6b08 sperm ihthd33 girly .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\mnho9y54 l9hwcs7vvnphd9 zn3tvn .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\nom72kl uncut (karin).mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\gzn4ud7e w6csjja14n1 xxx [bangbus] titts sweet .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\tsomq34 ihthd33 (jade).rar.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\lpcu5ai3 [bangbus] cock .zip.exe
%WINDIR%\assembly\temp\black bd1l5ir sperm bq4kno cock young (y8oxsqa).zip.exe
%WINDIR%\assembly\tmp\yzw1afy 7vepaqjm .avi.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\nom72kl nom72kl .zip.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\black horse lpcu5ai3 [free] hole girly .avi.exe
%WINDIR%\pla\templates\fac71w2 cum horse apv53deiq9fw (g6u8n4r).avi.exe
%WINDIR%\security\templates\sperm sgu4m7oc .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\eq7k2xcxt ddqayq sperm sgu4m7oc latex .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\beast vjq39c1gwy .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\f07qtt horse sperm [free] feet shoes (g6u8n4r).avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\upfgetx wep6b08 gay ihthd33 feet .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\gzn4ud7e h93bklf tsomq34 sgu4m7oc glans (rdl1tfkz,liz).mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\nom72kl sgu4m7oc feet 6tl9zg0uqa .rar.exe
%WINDIR%\syswow64\config\systemprofile\fac71w2 xakmpl xxx girls hole sm .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\sperm vjq39c1gwy hole .zip.exe
%WINDIR%\syswow64\fxstmp\fac71w2 xakmpl horse apv53deiq9fw hole .zip.exe
%WINDIR%\syswow64\ime\shared\lpcu5ai3 big ash .zip.exe
%WINDIR%\syswow64\config\systemprofile\nom72kl [milf] feet .mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\upfgetx xakmpl yzw1afy nom72kl feet b37oavmx289 .rar.exe
%WINDIR%\syswow64\fxstmp\mzwpstr8n 7vepaqjm shoes (sonja,dxocjwba).zip.exe
%WINDIR%\syswow64\ime\shared\nom72kl apv53deiq9fw cock .mpg.exe
%WINDIR%\temp\8r3baiec wep6b08 lpcu5ai3 7vepaqjm (c4w8hqa).avi.exe
%WINDIR%\winsxs\installtemp\7nd83wovj beast big hotel .mpg.exe

Network activity

TCP

Other

'34.##9.100.209':443

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Technologies

Begriffe

Schulung und Training

Mythen

Technical Information

Curing recommendations

Free trial