Trojan.KillProc2.25549

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\gzn4ud7e sperm mzwpstr8n uncut js80j73 .avi.exe
%ProgramFiles%\dvd maker\shared\s2fkave gay tsomq34 l9hwcs7vvnphd9 (cy4xpd).rar.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\tsomq34 nom72kl ihthd33 .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\ uncut .zip.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\h93bklf ddqayq apv53deiq9fw zn3tvn .zip.exe
%ProgramFiles%\microsoft office\templates\bd1l5ir w6csjja14n1 7vepaqjm .avi.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\f07qtt mnho9y54 bq4kno ash fishy .zip.exe
%ProgramFiles%\windows journal\templates\fac71w2 xakmpl girls sweet .avi.exe
%ProgramFiles%\windows sidebar\shared gadgets\ikdyfwhy gay vjq39c1gwy .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\ikdyfwhy gay 7vepaqjm sweet .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\z1qxwcd gay big (sandy,sonja).avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\mnho9y54 sperm hot (!) .rar.exe
%CommonProgramFiles(x86)%\microsoft shared\xxx horse apv53deiq9fw ash (hyo87il).mpeg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black bd1l5ir vjq39c1gwy jxqgtp ae2sd7u4xh (rdl1tfkz).avi.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\horse ihthd33 .avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\0287zh nude girls girly .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\fac71w2 sperm beast sgu4m7oc cock .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\7nd83wovj girls glans gh5b6gd7wrv .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\0287zh mnho9y54 uncut ash .mpg.exe
%ALLUSERSPROFILE%\templates\eq7k2xcxt horse beast [milf] 8pfmdyy .avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\4h1e2a346 nom72kl sgu4m7oc .mpg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\eq7k2xcxt horse ihthd33 .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\zc8giv9 wep6b08 nude 7vepaqjm .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\w6csjja14n1 yzw1afy [milf] hole (rdl1tfkz,liz).mpg.exe
%ALLUSERSPROFILE%\templates\z9z7rwe w6csjja14n1 sgu4m7oc rv0y8n .avi.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\7b6fhxi lpcu5ai3 8ok6yf big 40+ .mpeg.exe
C:\users\default\appdata\local\temp\fac71w2 beast yzw1afy 7vepaqjm zn3tvn .zip.exe
C:\users\default\appdata\local\<INETFILES>\wep6b08 w6csjja14n1 ihthd33 .zip.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\yzw1afy ihthd33 shoes .zip.exe
C:\users\default\templates\nom72kl horse [bangbus] (jenna,dxocjwba).mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\viaz50 8ok6yf vjq39c1gwy hole (dxocjwba).mpeg.exe
%TEMP%\s2fkave cum bq4kno ol6p1tua .rar.exe
%LOCALAPPDATA%\<INETFILES>\z9z7rwe lpcu5ai3 [milf] legs sm (2hbt8wr).zip.exe
%LOCALAPPDATA%low\mozilla\temp-{070abd97-84e1-4f5f-9c02-f1d76dd9fce4}\fac71w2 lpcu5ai3 hot (!) .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{1fae114c-c2b0-4da1-b23a-8e5ad0c3d722}\beast ihthd33 .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{3571406e-c08c-4c74-b145-8857b365f6e7}\h93bklf wep6b08 uncut cock .rar.exe
%APPDATA%\microsoft\templates\black 8ok6yf epyxwn .mpg.exe
%APPDATA%\microsoft\windows\templates\f1i7cm xakmpl 7vepaqjm qx2j1b5 (y8oxsqa,jade).avi.exe
%APPDATA%\mozilla\firefox\profiles\v08trqk6.default-release\storage\temporary\ apv53deiq9fw shoes (y8oxsqa).mpg.exe
%APPDATA%\thunderbird\profiles\chdgbv82.default-release\storage\temporary\s2fkave sperm horse l9hwcs7vvnphd9 ash (cy4xpd,sonja).zip.exe
%HOMEPATH%\templates\0287zh horse horse uncut feet ae2sd7u4xh (rdl1tfkz).avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\wep6b08 l9hwcs7vvnphd9 .mpg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\4h1e2a346 gay gay 7vepaqjm legs girly .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\beast xakmpl ihthd33 eigt45 .mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\asian beast sperm apv53deiq9fw .rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\f07qtt 7nd83wovj 7vepaqjm 779mipj (2hbt8wr,y8oxsqa).mpeg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\porn ihthd33 boobs .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\sperm bd1l5ir girls ash .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\7b6fhxi lpcu5ai3 hot (!) .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\ikdyfwhy gay sgu4m7oc qx2j1b5 (cy4xpd,2hbt8wr).avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\horse h93bklf [milf] jxqgtp fw58kpr41ob1w .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\asian ddqayq nom72kl vjq39c1gwy titts (c4w8hqa,liz).rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\z1qxwcd mnho9y54 girls hole nmibe2 .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\jxaglwti nude cum hot (!) legs shoes (hyo87il,g6u8n4r).avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\z1qxwcd nom72kl 7vepaqjm boots (sandy).rar.exe
%WINDIR%\assembly\temp\wpjwijv w6csjja14n1 yzw1afy hot (!) cock ash .rar.exe
%WINDIR%\assembly\tmp\upfgetx tsomq34 yzw1afy nom72kl wifey .rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\z9z7rwe beast nom72kl (jenna,gina).mpeg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\zc8giv9 nude 7vepaqjm .rar.exe
%WINDIR%\pla\templates\z9z7rwe uncut .avi.exe
%WINDIR%\security\templates\black nom72kl bq4kno ash .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\fac71w2 wep6b08 porn sgu4m7oc .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\viaz50 ddqayq mzwpstr8n sgu4m7oc balls .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\upfgetx h93bklf uncut ejn547rbxhd1 (sandy,karin).mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\zc8giv9 w6csjja14n1 cum nom72kl cock zn3tvn (dxocjwba,cy4xpd).mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\4h1e2a346 nom72kl mnho9y54 [bangbus] .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\f07qtt nom72kl mzwpstr8n big gh5b6gd7wrv .zip.exe
%WINDIR%\syswow64\config\systemprofile\f1i7cm 8ok6yf ddqayq epyxwn (rdl1tfkz).avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\horse 7vepaqjm .avi.exe
%WINDIR%\syswow64\fxstmp\4h1e2a346 wep6b08 w6csjja14n1 vjq39c1gwy hotel .mpeg.exe
%WINDIR%\syswow64\ime\shared\wpjwijv beast 7vepaqjm .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\z1qxwcd w6csjja14n1 nom72kl young (liz,jade).zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n lpcu5ai3 vjq39c1gwy 6tl9zg0uqa .zip.exe
%WINDIR%\syswow64\fxstmp\fac71w2 mnho9y54 big .rar.exe
%WINDIR%\syswow64\ime\shared\horse yzw1afy hot (!) ae2sd7u4xh .mpeg.exe
%WINDIR%\temp\h93bklf tsomq34 uncut 8pfmdyy .rar.exe
%WINDIR%\winsxs\installtemp\7nd83wovj nude epyxwn .mpg.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial