Trojan.KillProc2.24697

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%kp371l5wgy
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\wsao9hp uncut sweet .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\31o0dp fqp5u2 vov55134 (mehod6gm,rk7el06).mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\vxji6tp [free] .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\kx2fuhd horse 2o7agtrwm169 young .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\gay wsao9hp vov55134 .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\jh8d3r vov55134 (f37wta27n).rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\0p5tc4z jrz4xe2qq5 ozjdbxjut9f .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\mzt7xssz a01ukra wsao9hp big hvplvwu8eqfb2 .mpg.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\fdo7awuw horse lbh36g .avi.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\vxji6tp horse big ygalq9ar8 .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ejo8jis nude 0p5tc4z d4stkw (sarah).mpeg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\ejo8jis gay beast mns74qe fst67j .mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f0d66vw5c 2o7agtrwm169 gub58yt89s .zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\7u32ad fqp5u2 [free] glans .rar.exe
%HOMEPATH%\templates\ mns74qe glans (f37wta27n).zip.exe
%WINDIR%\assembly\temp\nude uncut .rar.exe
%WINDIR%\assembly\tmp\qomtp0c6n le7ybowq j7b8ml41 uncut vb1k7el4dd0n .rar.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\fdo7awuw 8s65bcmon sperm lbh36g 71iaxi6 .zip.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\le7ybowq rklw2d9a .zip.exe
%WINDIR%\syswow64\ime\shared\cum 644w3i .mpeg.exe
%WINDIR%\syswow64\fxstmp\asian beast girls legs .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\jh8d3r ge7e1pc girls shoes .rar.exe
%WINDIR%\syswow64\config\systemprofile\asian l98hx7x rklw2d9a boobs ygalq9ar8 .avi.exe
%WINDIR%\syswow64\ime\shared\gchew6 horse g17ga394zga [bangbus] wifey .mpeg.exe
%WINDIR%\syswow64\fxstmp\qomtp0c6n xur788 vov55134 titts rjeygzs .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\i4pxa0 cum big (karin).zip.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\j7b8ml41 jh8d3r brfcb7z605awa1 latex (sqnj4o2,rk7el06).mpg.exe
%WINDIR%\syswow64\config\systemprofile\31o0dp 0p5tc4z gay uncut shoes .rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\kqu9i321 fqp5u2 2o7agtrwm169 ash gub58yt89s (gina,karin).mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\z2etygv horse uncut glans 3apblk76e9 .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\le7ybowq vxji6tp [bangbus] titts .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\j7b8ml41 vov55134 poq7t3b (sonja,liz).zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\3u5spn8 g17ga394zga brfcb7z605awa1 .avi.exe
%WINDIR%\security\templates\i4pxa0 xur788 g17ga394zga big ash pn1fq0enrb (karin).zip.exe
%WINDIR%\pla\templates\kx2fuhd horse hot (!) (mehod6gm,mehod6gm).zip.exe
%WINDIR%\temp\7u32ad f0d66vw5c 0p5tc4z (jade,kyzrud3k).mpeg.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\z2etygv cum mns74qe fl8p0mg .zip.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\black 0p5tc4z 8s65bcmon brfcb7z605awa1 .mpg.exe
%APPDATA%\microsoft\windows\templates\tfchr9dz nude 2o7agtrwm169 ash (sqnj4o2,f37wta27n).mpeg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\7u32ad vxji6tp l98hx7x vov55134 (wsnom1,jade).rar.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\horse jrz4xe2qq5 m3ee28g .zip.exe
%CommonProgramFiles(x86)%\microsoft shared\l98hx7x [free] hotel .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\black 8s65bcmon mns74qe ash balls .zip.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\asian nude gay girls m3ee28g .mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\3u5spn8 horse [milf] (sonja).zip.exe
%ProgramFiles%\windows sidebar\shared gadgets\l98hx7x big legs ash .zip.exe
%ProgramFiles%\windows journal\templates\le7ybowq a01ukra 2o7agtrwm169 feet sm .mpeg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\naf90b4 horse gay rklw2d9a girly .avi.exe
%ProgramFiles%\microsoft office\templates\qomtp0c6n f0d66vw5c big ozjdbxjut9f (0veufa2).rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\f0d66vw5c [free] fl8p0mg wifey .avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\nude uncut (mehod6gm,rk7el06).rar.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\3u5spn8 jh8d3r xxx 2o7agtrwm169 (liz).avi.exe
%ProgramFiles%\dvd maker\shared\xxx lbh36g hole .zip.exe
%CommonProgramFiles%\microsoft shared\7u32ad horse hot (!) (liz).avi.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\qomtp0c6n [free] .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\xur788 gay 644w3i .zip.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\horse girls legs (sonja,6f405vn).avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\ysfegetkc fqp5u2 cum [free] fl8p0mg gub58yt89s .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\nude xxx 0p5tc4z cock (sandy).rar.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\ejo8jis xxx vov55134 cock hugln04 .mpg.exe
%LOCALAPPDATA%\<INETFILES>\sperm jrz4xe2qq5 x6kmcmo4gkv .avi.exe
%TEMP%\ysfegetkc porn uncut ash .zip.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\f0d66vw5c nude 2o7agtrwm169 glans (rk7el06,sqnj4o2).zip.exe
C:\users\default\templates\ porn brfcb7z605awa1 ltpaws6 .rar.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\ci8phqp j7b8ml41 nude rklw2d9a .zip.exe
C:\users\default\appdata\local\temp\z2etygv nude [milf] .avi.exe
C:\users\default\appdata\local\<INETFILES>\mzt7xssz horse g17ga394zga mns74qe rjeygzs (7d55pj0,wsnom1).rar.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\ua1zu28 f0d66vw5c uncut ygalq9ar8 .rar.exe
%ALLUSERSPROFILE%\templates\i4pxa0 le7ybowq [milf] legs fst67j .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\kqu9i321 cum fqp5u2 vov55134 m3ee28g (sonja,6f405vn).avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\ysfegetkc a01ukra horse 2o7agtrwm169 feet .avi.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\i4pxa0 a01ukra ge7e1pc big cock pn1fq0enrb .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\l98hx7x 8s65bcmon uncut .avi.exe
%ALLUSERSPROFILE%\templates\i4pxa0 8s65bcmon hot (!) d4stkw .mpeg.exe
%APPDATA%\microsoft\templates\3u5spn8 vxji6tp horse rklw2d9a boobs d4stkw .mpg.exe
%WINDIR%\winsxs\installtemp\nude girls .mpg.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial