Persistent files. Stay even after I reinstall Windows. Is it malware? - Windows 10 Discussion
Common Information
Type Value
UUID 1969fa7b-2c0c-4377-bf9c-7dd7ac5e686a
Fingerprint 3d52230ade86eed7
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 27, 2023, 7:22 a.m.
Added to db Oct. 29, 2023, 9:01 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Persistent files. Stay even after I reinstall Windows. Is it malware?
Title Persistent files. Stay even after I reinstall Windows. Is it malware? - Windows 10 Discussion
Detected Hints/Tags/Attributes 72/2/182
Attributes
Details Type #Events CTI Value
Details Windows Registry Key 2
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\RunOnce
Details Windows Registry Key 59
HKLM\Software\Microsoft\Active
Details Windows Registry Key 2
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\uTorrent
Details Windows Registry Key 68
HKLM-x32\...\Microsoft
Details Windows Registry Key 2
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\OneDriveSetup.exe
Details Windows Registry Key 2
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001_Classes\CLSID
Details Windows Registry Key 2
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\Control
Details Windows Registry Key 98
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Details Windows Registry Key 15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost
Details Domain 162
bleepingcomputer.com
Details Domain 3
www.ccleaner.com
Details Domain 251
www.bleepingcomputer.com
Details Domain 35
www.cnn.com
Details Domain 3
majorgeeks.com
Details Domain 9
speccy.piriform.com
Details Domain 67
microsoft.windows
Details Domain 2
mio.mo
Details Domain 87
regid.1991-06.com.microsoft
Details File 816
index.html
Details File 3
speccy.html
Details File 12
searchapp.exe
Details File 5
brave_vpn_wireguard_service.exe
Details File 1
c:\windows\system32\sru\sru001af.log
Details File 2
setup.tmp
Details File 2
botva2.dll
Details File 1
is-d1q9a.tmp
Details File 1
is-h5ca8.tmp
Details File 208
setup.exe
Details File 99
c:\windows\explorer.exe
Details File 2
c:\users\fukdafedgov\downloads\frst64.exe
Details File 2
googleone.exe
Details File 10
crashpad_handler.exe
Details File 7
c:\program files\synaptics\syntp\syntpenh.exe
Details File 2
c:\program files\synaptics\syntp\syntplpr.exe
Details File 5
c:\program files\synaptics\syntp\syntpenhservice.exe
Details File 1260
explorer.exe
Details File 128
msedge.exe
Details File 12
c:\program files\realtek\audio\hda\ravbg64.exe
Details File 11
c:\program files\realtek\audio\hda\ravcpl64.exe
Details File 8
c:\windows\system32\igfxem.exe
Details File 8
c:\windows\system32\igfxhk.exe
Details File 7
c:\windows\system32\igfxtray.exe
Details File 6
c:\windows\syswow64\notepad.exe
Details File 1
c:\program files\speccy\speccy64.exe
Details File 306
services.exe
Details File 3
c:\windows\system32\btwrsupportservice.exe
Details File 2
vpnbygoogleoneservice.exe
Details File 9
c:\windows\system32\igfxcuiservice.exe
Details File 3
c:\windows\system32\ibmpmsvc.exe
Details File 198
msmpeng.exe
Details File 87
nissrv.exe
Details File 1122
svchost.exe
Details File 6
c:\windows\syswow64\lenovo\powermgr\powermgr.exe
Details File 10
calculatorapp.exe
Details File 14
filecoauth.exe
Details File 49
c:\windows\immersivecontrolpanel\systemsettings.exe
Details File 85
c:\windows\system32\dllhost.exe
Details File 127
c:\windows\system32\rundll32.exe
Details File 6
c:\windows\system32\securityhealthhost.exe
Details File 7
sechealthui.exe
Details File 5
c:\program files\synaptics\syntp\syntphelper.exe
Details File 2
microsoftedgeupdatecore.exe
Details File 9
c:\program files\bravesoftware\brave-browser\application\brave.exe
Details File 409
c:\windows\system32\cmd.exe
Details File 1
c:\users\fukdafedgov\appdata\local\microsoft\onedrive\update\onedrivesetup.exe
Details File 1
c:\users\fukdafedgov\appdata\local\microsoft\onedrive\standaloneupdater\onedrivesetup.exe
Details File 61
chrmstp.exe
Details File 13
braveupdate.exe
Details File 2
%programfiles%\dolby digital plus\ddp.exe
Details File 105
googleupdate.exe
Details File 5
c:\windows\syswow64\powermgrinst.exe
Details File 97
mpcmdrun.exe
Details File 2
c:\users\fukdafedgov\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
Details File 7
brave_vpn_helper.exe
Details File 3
c:\windows\system32\lplatsvc.exe
Details File 38
c:\program files\windows defender advanced threat protection\mssense.exe
Details File 14
elevation_service.exe
Details File 2
c:\users\fukdafedgov\appdata\local\temp\cpuz149\cpuz149_x64.sys
Details File 2
c:\windows\system32\drivers\googtun.sys
Details File 39
mpksldrv.sys
Details File 2
c:\windows\system32\drivers\pmdrvs.sys
Details File 2
c:\windows\system32\drivers\risdxc64.sys
Details File 70
c:\windows\system32\drivers\wd\wdboot.sys
Details File 70
c:\windows\system32\drivers\wd\wdfilter.sys
Details File 70
c:\windows\system32\drivers\wd\wdnisdrv.sys
Details File 2
c:\users\fukdafedgov\downloads\mtb.txt
Details File 2
c:\users\fukdafedgov\downloads\minitoolbox.exe
Details File 2
c:\users\fukdafedgov\downloads\spsetup132.exe
Details File 1
c:\users\fukdafedgov\appdata\roaming\microsoft\mmc
2023-10-25 00:32 - 2023-10-25 00:32 - 000000000 ____d c:\users\fukdafedgov\appdata\local\crashdumps
2023-10-24 23:50 - 2023-10-28 02:33 - 000022436 _____ c:\users\fukdafedgov\downloads\addition.txt
Details File 1
c:\users\fukdafedgov\appdata\local\mbam
2023-10-24 23:32 - 2023-10-25 02:27 - 000000000 ____d c:\users\fukdafedgov\appdata\local\malwarebytes
2023-10-24 23:22 - 2023-10-24 23:22 - 000000000 ____d c:\programdata\malwarebytes
2023-10-24 23:22 - 2023-10-24 23:22 - 000000000 ____d c:\program files\malwarebytes
2023-10-24 23:13 - 2023-10-28 03:38 - 000017836 _____ c:\users\fukdafedgov\downloads\frst.txt
Details File 2
c:\windows\msdownld.tmp
Details File 2
c:\users\fukdafedgov\downloads\vpnbygoogleonesetup.exe
Details File 2
c:\users\fukdafedgov\downloads\spotifysetup.exe
Details File 2
c:\windows\system32\drivers\samsfpa.dat
Details File 2
c:\windows\system32\drivers\rtmiceq0.dat
Details File 2
c:\windows\system32\drivers\rtmicar.dat
Details File 2
c:\windows\system32\rtkapi64.dll
Details File 3
c:\windows\system32\rltkapo64.dll
Details File 5
c:\windows\system32\rtcom64.dll
Details File 3
c:\windows\system32\r4eed64a.dll
Details File 3
c:\windows\system32\rtlcpapi64.dll
Details File 4
c:\windows\system32\rtkcfg64.dll
Details File 3
c:\windows\system32\r4eel64a.dll
Details File 3
c:\windows\system32\r4eea64a.dll
Details File 3
c:\windows\system32\r4eeg64a.dll
Details File 2
c:\windows\system32\fmapo64.dll
Details File 3
c:\windows\system32\dolbydax2apov211.dll
Details File 3
c:\windows\system32\ddpd64a.dll
Details File 3
c:\windows\system32\ddpo64a.dll
Details File 3
c:\windows\system32\ddpa64.dll
Details File 10
c:\windows\system32\drivers\rtkvhd64.sys
Details File 3
c:\windows\system32\rtpgex64.dll
Details File 2
c:\windows\system32\rtkcoldr64.dll
Details File 3
c:\windows\system32\r4eep64a.dll
Details File 3
c:\windows\system32\rcoinstii64.dll
Details File 3
c:\windows\system32\ddpp64a.dll
Details File 3
c:\windows\system32\dolbydax2apoprop.dll
Details File 3
c:\windows\system32\hifidax2api.dll
Details File 3
c:\windows\system32\coneqmsapoguilibrary.dll
Details File 2
c:\windows\syswow64\pwmtr32v.dll
Details File 2
c:\windows\syswow64\easyresume.exe
Details File 2
c:\windows\syswow64\insthelper.dll
Details File 2
c:\windows\syswow64\eventlogger.dll
Details File 2
c:\users\fukdafedgov\downloads\utorrent_installer.exe
Details File 2
c:\programdata\plug
2023-10-21 04:02 - 2023-10-21 04:02 - 000016059 _____ c:\windows\system32\integratedservicesregionpolicyset.json
Details File 2
7_win.zip
Details File 2
c:\users\fukdafedgov\downloads\asio4all_2_15_english.exe
Details File 31
c:\windows\system32\perfstringbackup.ini
Details File 38
c:\dumpstack.log
Details File 40
c:\windows\tasks\sa.dat
Details File 2
c:\windows\system32\tasks\microsoftedgeupdatetaskmachineua
2023-10-24 02:42 - 2019-12-07 03:30 - 000003410 _____ c:\windows\system32\tasks\microsoftedgeupdatetaskmachinecore
2023-10-22 18:11 - 2019-12-07 04:11 - 000000000 ___sd c:\users\fukdafedgov\appdata\roaming\microsoft\credentials
2023-10-22 10:21 - 2019-12-07 05:03 - 000524288 _____ c:\windows\system32\config\bbi
2023-10-22 00:48 - 2019-12-07 04:12 - 000000000 ____d c:\programdata\packages
2023-10-21 04:49 - 2019-12-07 03:29 - 000259496 _____ c:\windows\system32\fntcache.dat
Details File 12
c:\windows\system32\oemdefaultassociations.dll
Details File 21
c:\windows\syswow64\msclmd.dll
Details File 20
c:\windows\system32\msclmd.dll
Details File 54
c:\windows\syswow64\printconfig.dll
Details File 86
frst.txt
Details File 70
onedrivesetup.exe
Details File 4
psuser_64.dll
Details File 9
c:\windows\system32\igfxdtcm.dll
Details File 2
googtun.dll
Details File 87
skype.exe
Details File 2
c:\users\fukdafedgov\appdata\roaming\utorrent\utorrent.exe
Details File 35
spotify.exe
Details File 76
msedgewebview2.exe
Details File 91
addition.txt
Details IPv4 2
118.1.59.120
Details IPv4 1
0.9.7.151
Details IPv4 619
0.0.0.0
Details IPv4 3
118.1.59.124
Details IPv4 4
7.6.3.1
Details IPv4 3
3.74.0.0
Details IPv4 2
19.0.17.115
Details IPv4 7
8.93.0.0
Details IPv4 3
1.8.0.4
Details IPv4 2
1.3.181.5
Details IPv4 27
192.168.1.254
Details IPv4 63
8.8.4.4
Details IPv4 295
8.8.8.8
Details IPv4 2
1.3.177.11
Details Microsoft Patch Numbers 4
KB2267602
Details Microsoft Patch Numbers 21
KB5001716
Details Url 1
https://www.ccleaner.com/speccy
Details Url 2
https://www.bleepingcomputer.com/download/minitoolbox
Details Url 1
https://pcsupport.lenovo.com/ca/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads
Details Url 3
https://m.majorgeeks.com/files/details/speccy.html
Details Url 3
http://www.bleepingcomputer.com/download/minitoolbox
Details Url 1
http://speccy.piriform.com/results/w8kvdrcz5elfwrnmuubtgf2
Details Url 4
https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help
Details Url 1
https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help
Details Url 1
https://go.microsoft.com/fwlink/?linkid=37020&name=trojan:win32/bullboka.a
Details Url 1
https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/2347/downloads/driver-list/component?name=bios
Details Windows Registry Key 2
HKLM-x32\...\ASIO4ALL
Details Windows Registry Key 9
HKLM-x32\...\BraveSoftware
Details Windows Registry Key 2
HKLM-x32\...\FL
Details Windows Registry Key 77
HKLM-x32
Details Windows Registry Key 2
HKLM-x32\...\Mooer
Details Windows Registry Key 13
HKLM\...\Speccy
Details Windows Registry Key 4
HKLM\...\SynTPDeinstKey
Details Windows Registry Key 2
HKLM-x32\...\Total
Details Windows Registry Key 68
HKLM\...\Run
Details Windows Registry Key 6
HKLM\...\RunOnce
Details Windows Registry Key 2
HKU\S-1-5-21-3237366536-3690962144-3967476854-1001\...\Run
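Several "File" rows in the listing above are FRST (Farbar Recovery Scan Tool) records of the form "created - modified - size attrs path" that the extractor ran together on one line, sometimes behind a bare path fragment. The following is an added example, not code from the forum thread or from this CTI page: it splits such run-together records, parses them, and flags the entries a reviewer of a "files survive reinstall" report would open first. The sample input is constructed from rows on this page. Three things are this example's assumptions rather than anything FRST or the page states: that the first timestamp in a record is the creation time and the second the modification time, the USER_WRITABLE_PREFIXES list, and the SINCE cutoff date standing in for the reinstall date.

```python
"""Split and triage FRST file-listing records that were run together on one line.

Added example, not code from the thread or this page. Assumptions: first
timestamp = created, second = modified; the USER_WRITABLE_PREFIXES list; SINCE.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# One record is "<created> - <modified> - <9-digit size> <5-char attrs> <path>".
# The path is matched lazily up to the next record's timestamp or end of text,
# so records joined on one line are split again; a bare path fragment with no
# record header in front of it is skipped.
_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
_RECORD = re.compile(
    rf"(?P<created>{_TS}) - (?P<modified>{_TS}) - "
    rf"(?P<size>\d{{9}}) (?P<attrs>[_a-zA-Z]{{5}}) "
    rf"(?P<path>.+?)(?=\s+{_TS} - |\s*$)",
    re.MULTILINE,
)

# Constructed input: records copied from the rows above, deliberately joined on
# one line the way the extraction left them, with a bare path fragment in front.
SAMPLE = (
    r"c:\users\fukdafedgov\appdata\local\mbam   "
    r"2023-10-25 00:32 - 2023-10-25 00:32 - 000000000 ____d c:\users\fukdafedgov\appdata\local\crashdumps   "
    r"2023-10-24 23:50 - 2023-10-28 02:33 - 000022436 _____ c:\users\fukdafedgov\downloads\addition.txt   "
    r"2023-10-24 23:22 - 2023-10-24 23:22 - 000000000 ____d c:\program files\malwarebytes   "
    r"2023-10-22 18:11 - 2019-12-07 04:11 - 000000000 ___sd c:\users\fukdafedgov\appdata\roaming\microsoft\credentials   "
    r"2023-10-22 10:21 - 2019-12-07 05:03 - 000524288 _____ c:\windows\system32\config\bbi   "
    r"2023-10-21 04:02 - 2023-10-21 04:02 - 000016059 _____ c:\windows\system32\integratedservicesregionpolicyset.json"
)

# Assumption: locations an unprivileged user can write to, so anything created
# there after the reinstall came from user activity, not from the OS image.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Assumption: stands in for the reinstall date; only newer entries are triaged.
SINCE = datetime(2023, 10, 22)


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # FRST marks directories with a trailing D in the attribute field.
        return self.attrs[-1].lower() == "d"

    @property
    def hidden_or_system(self) -> bool:
        # S and H in the attribute field are the system and hidden attributes.
        return any(c in "sh" for c in self.attrs.lower())


def parse_frst(text: str) -> list[Entry]:
    """Extract every complete FRST record from text, even if several share a line."""
    entries = []
    for m in _RECORD.finditer(text):
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            path=m["path"].strip().lower(),
        ))
    return entries


def review_flags(e: Entry) -> list[str]:
    """Reasons an entry deserves a look; an empty list means nothing stood out."""
    reasons = []
    if e.path.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("user-writable path")
    if e.modified < e.created:
        # Modified older than created: the file was written with its original
        # timestamp preserved (install image, installer, archive extraction).
        # Normal for OS files; worth a second look under user-writable paths.
        reasons.append("modified before created")
    if e.hidden_or_system:
        reasons.append("hidden/system attribute")
    return reasons


def triage(entries: list[Entry], since: datetime) -> dict[str, list[str]]:
    """Map path -> reasons, for entries created on/after `since` that raised a flag."""
    flagged = {}
    for e in entries:
        if e.created < since:
            continue
        reasons = review_flags(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


def triage_sample() -> dict[str, list[str]]:
    return triage(parse_frst(SAMPLE), SINCE)


if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(f"{path}: {', '.join(reasons)}")
```

On the constructed sample this drops the leading bare fragment, recovers six records, and flags four of them: the two Downloads/AppData entries for being user-writable, the roaming Credentials folder for all three reasons, and config\bbi only because its modification time predates its creation time, which is exactly how a file laid down from the install image looks and why "older than the reinstall" timestamps alone do not prove persistence.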