Possible Virus or Trojan - Virus, Trojan, Spyware, and Malware Removal Help
Common Information
UUID: 6c9fffd0-d87b-4757-84b3-3cbfa91f5c22
Fingerprint: 3dd62390fed62e95
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: Jan. 15, 2023, 12:47 p.m.
Added to db: Jan. 15, 2023, 10:43 p.m.
Last updated: Nov. 17, 2024, 6:55 p.m.
Headline: Possible Virus or Trojan
Title: Possible Virus or Trojan - Virus, Trojan, Spyware, and Malware Removal Help
Detected Hints/Tags/Attributes: 70/2/160
Attributes