Trojan.KillProc2.28694

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\viaz50 8ok6yf bd1l5ir apv53deiq9fw titts .zip.exe
%ProgramFiles%\dvd maker\shared\upfgetx sperm nom72kl epyxwn legs zmc8ujp .mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\f07qtt 8ok6yf hot (!) b37oavmx289 .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\z9z7rwe beast [free] lady .rar.exe
%ProgramFiles%\microsoft office\templates\s2fkave mnho9y54 big titts .zip.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\7nd83wovj [milf] ash .avi.exe
%ProgramFiles%\windows journal\templates\gzn4ud7e horse big nrb42wq .zip.exe
%ProgramFiles%\windows sidebar\shared gadgets\f1i7cm porn [free] ash mg9fvb2xk9 .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\asian gay horse nom72kl feet ae2sd7u4xh .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\eq7k2xcxt sperm epyxwn (jade).rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\7b6fhxi wep6b08 nude 7vepaqjm (hyo87il,dehod0).mpg.exe
%CommonProgramFiles(x86)%\microsoft shared\z9z7rwe h93bklf bq4kno (liz,sonja).avi.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\jxaglwti xxx mnho9y54 uncut ae2sd7u4xh (sandy).zip.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\f07qtt nom72kl uncut .mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\tsomq34 wep6b08 girls boobs shoes .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\asian gay girls (dehod0,rdl1tfkz).mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\f07qtt mzwpstr8n l9hwcs7vvnphd9 zmc8ujp (y8oxsqa,y8oxsqa).mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\xakmpl apv53deiq9fw kfp2yqq (rdl1tfkz).zip.exe
%ALLUSERSPROFILE%\templates\8ok6yf bq4kno .mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\black cum hot (!) (dehod0).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\gzn4ud7e beast bq4kno .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\4h1e2a346 mzwpstr8n big kfp2yqq .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\0287zh cum big hairy .mpeg.exe
%ALLUSERSPROFILE%\templates\f07qtt horse horse hot (!) (sarah,g6u8n4r).avi.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\horse nom72kl nom72kl .mpeg.exe
C:\users\default\appdata\local\temp\bd1l5ir lpcu5ai3 7vepaqjm 8pfmdyy (hyo87il).rar.exe
C:\users\default\appdata\local\<INETFILES>\horse girls legs .rar.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\upfgetx xxx [free] ae2sd7u4xh .mpeg.exe
C:\users\default\templates\cum 7nd83wovj vjq39c1gwy zmc8ujp .rar.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\ikdyfwhy mnho9y54 h93bklf nom72kl js80j73 .mpg.exe
%TEMP%\f1i7cm beast nom72kl girls boobs .mpeg.exe
%LOCALAPPDATA%\<INETFILES>\viaz50 cum nom72kl qx2j1b5 (haj1oyikd).zip.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\asian ddqayq bq4kno (jenna,liz).zip.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\viaz50 xakmpl beast uncut .mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\upfgetx nude nude girls (haj1oyikd,y8oxsqa).mpg.exe
%APPDATA%\microsoft\templates\gay big .mpeg.exe
%APPDATA%\microsoft\windows\templates\zc8giv9 ddqayq yzw1afy apv53deiq9fw 6tl9zg0uqa .avi.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\nom72kl lpcu5ai3 sgu4m7oc cock girly .rar.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\black beast xxx apv53deiq9fw .mpg.exe
%HOMEPATH%\templates\zc8giv9 wep6b08 sperm uncut shoes .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\yzw1afy ddqayq bq4kno nmibe2 .mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\wpjwijv 8ok6yf big titts .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\z1qxwcd 7nd83wovj nom72kl vjq39c1gwy titts (liz,sonja).zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\beast xakmpl bq4kno ash young .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\mnho9y54 sgu4m7oc qx2j1b5 .zip.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\7b6fhxi cum apv53deiq9fw sgoibhh (jade).zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zc8giv9 gay 7nd83wovj bq4kno gsva2xn .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\asian xxx w6csjja14n1 7vepaqjm feet gh5b6gd7wrv .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\0287zh horse sgu4m7oc (jade).rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\4h1e2a346 w6csjja14n1 uncut qx2j1b5 (liz,karin).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\wpjwijv 7nd83wovj nom72kl titts ol6p1tua .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\f1i7cm xxx uncut lzxyhb7k .zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\f07qtt w6csjja14n1 ihthd33 .mpeg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\cum ihthd33 gh5b6gd7wrv .mpeg.exe
%WINDIR%\assembly\temp\bd1l5ir 7vepaqjm .zip.exe
%WINDIR%\assembly\tmp\sperm gay 7vepaqjm qq6w54yfhtqrbwcslg .avi.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\eq7k2xcxt xakmpl yzw1afy bq4kno ol6p1tua .mpg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\asian cum apv53deiq9fw lzxyhb7k .mpeg.exe
%WINDIR%\pla\templates\gzn4ud7e wep6b08 h93bklf apv53deiq9fw kfp2yqq .mpeg.exe
%WINDIR%\security\templates\eq7k2xcxt 7vepaqjm titts zn3tvn .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\mnho9y54 nom72kl ihthd33 hole lzxyhb7k (rdl1tfkz).zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\ikdyfwhy gay w6csjja14n1 big eigt45 .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\h93bklf epyxwn feet qq6w54yfhtqrbwcslg .mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\gay beast bq4kno ash fw58kpr41ob1w .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\ikdyfwhy cum horse [milf] ash .zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\wpjwijv w6csjja14n1 nom72kl [bangbus] shoes .avi.exe
%WINDIR%\syswow64\config\systemprofile\h93bklf 8ok6yf [free] ash .rar.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\h93bklf nude apv53deiq9fw .zip.exe
%WINDIR%\syswow64\fxstmp\wep6b08 sperm nom72kl feet boots .mpeg.exe
%WINDIR%\syswow64\ime\shared\mnho9y54 ihthd33 boobs 40+ .zip.exe
%WINDIR%\syswow64\config\systemprofile\f07qtt ddqayq uncut ash 8pfmdyy .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\viaz50 nude ihthd33 boobs balls .zip.exe
%WINDIR%\syswow64\fxstmp\ big cock (36mho73).mpg.exe
%WINDIR%\syswow64\ime\shared\4h1e2a346 7nd83wovj 7vepaqjm .zip.exe
%WINDIR%\temp\black nom72kl ihthd33 nmibe2 .rar.exe
%WINDIR%\winsxs\installtemp\lpcu5ai3 wep6b08 girls gsva2xn (g6u8n4r,rdl1tfkz).mpg.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Technologies

Begriffe

Schulung und Training

Mythen

Technical Information

Curing recommendations

Free trial