Trojan.KillProc2.29858

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\upfgetx bd1l5ir l9hwcs7vvnphd9 eigt45 .zip.exe
%ProgramFiles%\dvd maker\shared\nom72kl yzw1afy uncut lzxyhb7k .zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\nude xxx ihthd33 rv0y8n .zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\0287zh 7nd83wovj nom72kl ol6p1tua .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\8ok6yf apv53deiq9fw sweet .rar.exe
%ProgramFiles%\microsoft office\templates\f1i7cm nude sgu4m7oc hairy (hyo87il,36mho73).zip.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\ikdyfwhy nude epyxwn ol6p1tua .rar.exe
%ProgramFiles%\windows journal\templates\zc8giv9 wep6b08 [milf] legs .zip.exe
%ProgramFiles%\windows sidebar\shared gadgets\nude mnho9y54 [free] .rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\porn bd1l5ir ihthd33 boobs qq6w54yfhtqrbwcslg .mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\z1qxwcd lpcu5ai3 uncut feet .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\ gay hot (!) .rar.exe
%CommonProgramFiles(x86)%\microsoft shared\wpjwijv horse 7vepaqjm ash (haj1oyikd).rar.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\wep6b08 xakmpl [milf] .avi.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\xakmpl 7nd83wovj apv53deiq9fw ae2sd7u4xh (sarah,2hbt8wr).mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\zc8giv9 horse vjq39c1gwy .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\z9z7rwe mzwpstr8n sperm hot (!) .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\upfgetx beast hot (!) legs .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe 8ok6yf bd1l5ir apv53deiq9fw legs young .mpg.exe
%ALLUSERSPROFILE%\templates\f07qtt cum vjq39c1gwy gsva2xn .mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\horse horse [milf] qq6w54yfhtqrbwcslg .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\mzwpstr8n [milf] fw58kpr41ob1w .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\jxaglwti bd1l5ir uncut .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\asian xxx ihthd33 legs .zip.exe
%ALLUSERSPROFILE%\templates\f07qtt wep6b08 [milf] shoes .mpg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\8r3baiec bd1l5ir girls 6tl9zg0uqa .mpg.exe
C:\users\default\appdata\local\temp\0287zh xxx cum epyxwn lady (haj1oyikd).mpeg.exe
C:\users\default\appdata\local\<INETFILES>\horse [bangbus] kfp2yqq (sarah,karin).mpeg.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\tsomq34 hot (!) zmc8ujp .rar.exe
C:\users\default\templates\fac71w2 sperm 8ok6yf 7vepaqjm .mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\jxaglwti 8ok6yf sperm big lady .mpeg.exe
%TEMP%\viaz50 8ok6yf uncut qx2j1b5 .mpg.exe
%LOCALAPPDATA%\<INETFILES>\wep6b08 uncut (y8oxsqa,gina).mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\f07qtt xxx bq4kno 40+ .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\gay nude uncut qx2j1b5 .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\ikdyfwhy tsomq34 8ok6yf girls zmc8ujp .mpg.exe
%APPDATA%\microsoft\templates\fac71w2 7nd83wovj nom72kl js80j73 (rdl1tfkz,gina).avi.exe
%APPDATA%\microsoft\windows\templates\ikdyfwhy w6csjja14n1 w6csjja14n1 l9hwcs7vvnphd9 cock .rar.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\wpjwijv mnho9y54 girls cock ol6p1tua .mpeg.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\zc8giv9 gay mnho9y54 epyxwn .mpeg.exe
%HOMEPATH%\templates\0287zh cum ihthd33 boots .avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\8r3baiec mnho9y54 xakmpl vjq39c1gwy 50+ .rar.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f07qtt h93bklf cum nom72kl glans girly .mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\upfgetx 7nd83wovj l9hwcs7vvnphd9 .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\nom72kl sgu4m7oc latex .rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\eq7k2xcxt h93bklf 7vepaqjm .mpeg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\jxaglwti h93bklf h93bklf hot (!) hole lzxyhb7k (liz).rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\wpjwijv h93bklf [free] boobs fishy .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\fac71w2 mzwpstr8n sgu4m7oc 779mipj .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\upfgetx wep6b08 bq4kno (dxocjwba,jenna).zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\7nd83wovj porn [bangbus] .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\black wep6b08 horse [free] .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\xxx wep6b08 uncut sgoibhh (c4w8hqa,jade).mpg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\black nom72kl hot (!) b37oavmx289 (c4w8hqa).zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f07qtt beast lpcu5ai3 uncut feet girly .mpg.exe
%WINDIR%\assembly\temp\asian mnho9y54 uncut sm (dxocjwba,haj1oyikd).mpg.exe
%WINDIR%\assembly\tmp\gay l9hwcs7vvnphd9 lady .rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\fac71w2 7nd83wovj [bangbus] sm .avi.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\fac71w2 w6csjja14n1 vjq39c1gwy boots .zip.exe
%WINDIR%\pla\templates\upfgetx sperm uncut glans .avi.exe
%WINDIR%\security\templates\7b6fhxi w6csjja14n1 yzw1afy uncut (c4w8hqa,hyo87il).rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\fac71w2 beast bq4kno eigt45 .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\gay [milf] .mpg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\black xxx wep6b08 sgu4m7oc ash (cy4xpd).rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\bd1l5ir nude uncut legs .avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\eq7k2xcxt mzwpstr8n nom72kl ae2sd7u4xh (karin,dxocjwba).mpeg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\0287zh xakmpl yzw1afy apv53deiq9fw sgoibhh .rar.exe
%WINDIR%\syswow64\config\systemprofile\ddqayq hot (!) 40+ .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe horse mnho9y54 [bangbus] .avi.exe
%WINDIR%\syswow64\fxstmp\fac71w2 ddqayq l9hwcs7vvnphd9 hotel (2hbt8wr,haj1oyikd).avi.exe
%WINDIR%\syswow64\config\systemprofile\viaz50 yzw1afy horse epyxwn legs .mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\jxaglwti cum bq4kno .avi.exe
%WINDIR%\syswow64\fxstmp\asian yzw1afy ddqayq big .rar.exe
%WINDIR%\syswow64\ime\shared\upfgetx porn mnho9y54 vjq39c1gwy (karin).zip.exe
%WINDIR%\temp\lpcu5ai3 apv53deiq9fw .avi.exe
%WINDIR%\winsxs\installtemp\viaz50 horse epyxwn jxqgtp .zip.exe

Network activity

TCP

Other

'34.##9.100.209':443

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial