Trojan installer - Virus, Trojan, Spyware, and Malware Removal Help
Common Information
Type Value
UUID 719d7c30-505f-4211-824d-614ac9563dcd
Fingerprint 3ffa8b505ece6f9f
Analysis status DONE
Considered CTI value 0
Text language
Published May 13, 2023, 12:51 p.m.
Added to db May 13, 2023, 8:47 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Trojan installer
Title Trojan installer - Virus, Trojan, Spyware, and Malware Removal Help
Detected Hints/Tags/Attributes 61/3/215
Attributes
Details Type #Events CTI Value
Details Domain 51
battle.net
Details Domain 1
curse.agent.host
Details Domain 67
microsoft.windows
Details Domain 18
gog.com
Details Domain 1
electron.app.youtube
Details Domain 37
java.com
Details Domain 1
mglogs.zip
Details Domain 87
regid.1991-06.com.microsoft
Details Email 1
anttoolbar@ant.com.xpi
Details Email 1
jid1-93wyvpgvxzgatw@jetpack.xpi
Details Email 3
jid1-xufzosoflzsoxg@jetpack.xpi
Details File 17
scvhost.exe
Details File 86
frst.txt
Details File 1
c:\users\ander\onedrive\desktop\frst64.exe
Details File 48
agent.exe
Details File 4
c:\program files\lghub\lghub.exe
Details File 3
c:\program files\lghub\system_tray\lghub_system_tray.exe
Details File 7
c:\program files\lghub\lghub_agent.exe
Details File 46
c:\program files\malwarebytes\anti-malware\mbamservice.exe
Details File 39
c:\program files\malwarebytes\anti-malware\mbamtray.exe
Details File 27
c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe
Details File 127
c:\windows\system32\rundll32.exe
Details File 1
c:\program files\steelseries\gg\apps\engine\steelseriesengine.exe
Details File 1
c:\program files\steelseries\gg\apps\engine\prism\steelseriesprism.exe
Details File 1
c:\program files\steelseries\gg\apps\moments\steelseriessvclauncher.exe
Details File 6
c:\program files\steelseries\gg\steelseriesgg.exe
Details File 1
c:\users\ander\appdata\local\programs\curseforge windows\curseforge.exe
Details File 20
host.exe
Details File 35
discord.exe
Details File 1260
explorer.exe
Details File 1
f:\downloads\utorrent-1-6-1-build-490-utorrent.exe
Details File 256
net.exe
Details File 3
c:\program files\intel\sur\queencreek\x64\esrv.exe
Details File 380
notepad.exe
Details File 8
c:\program files\microsoft onedrive\onedrive.exe
Details File 47
c:\program files\mozilla firefox\firefox.exe
Details File 674
node.js
Details File 31
helper.exe
Details File 29
jusched.exe
Details File 306
services.exe
Details File 2
c:\program files\intel\sur\queencreek\sursvc.exe
Details File 2
c:\program files\intel\sur\queencreek\x64\esrv_svc.exe
Details File 22
c:\windows\system32\driverstore\filerepository\mewmiprov.inf
Details File 23
wmiregistrationservice.exe
Details File 33
c:\windows\system32\driverstore\filerepository\dal.inf
Details File 41
jhi_service.exe
Details File 6
c:\program files\lghub\lghub_updater.exe
Details File 15
gameinputsvc.exe
Details File 13
filesynchelper.exe
Details File 13
c:\windows\system32\driverstore\filerepository\nv_dispi.inf
Details File 44
container.exe
Details File 35
c:\windows\system32\driverstore\filerepository\realtekservice.inf
Details File 35
rtkauduservice64.exe
Details File 1122
svchost.exe
Details File 4
c:\program files\intel\sur\queencreek\updater\bin\intelsoftwareassetmanagerservice.exe
Details File 14
filecoauth.exe
Details File 13
hxoutlook.exe
Details File 19
hxtsr.exe
Details File 14
widgetservice.exe
Details File 49
c:\windows\immersivecontrolpanel\systemsettings.exe
Details File 85
c:\windows\system32\dllhost.exe
Details File 7
c:\windows\system32\locationnotificationwindows.exe
Details File 67
c:\windows\system32\smartscreen.exe
Details File 11
chxsmartscreen.exe
Details File 409
c:\windows\system32\cmd.exe
Details File 3
c:\program files\microsoft onedrive\update\onedrivesetup.exe
Details File 3
c:\program files\microsoft onedrive\standaloneupdater\onedrivesetup.exe
Details File 99
steam.exe
Details File 3
galaxyclient.exe
Details File 3
c:\program files\electronic arts\ea desktop\ea desktop\ealauncher.exe
Details File 6
overwolflauncher.exe
Details File 128
msedge.exe
Details File 1
c:\users\ander\appdata\local\programs\youtube-music-desktop-app\youtube music desktop app.exe
Details File 1
c:\users\ander\appdata\local\discord\update.exe
Details File 18
c:\program files\nvidia corporation\nvbackend\nvtmrep.exe
Details File 30
c:\windows\system32\wscript.exe
Details File 2
c:\program files\intel\sur\queencreek\x64\task.vbs
Details File 3
c:\windows\system32\wpninprc.dll
Details File 5
msiafterburner.exe
Details File 12
c:\windows\system32\musnotification.exe
Details File 6
iumsvc.exe
Details File 1
c:\users\ander\appdata\local\microsoft\onedrive\onedrivestandaloneupdater.exe
Details File 19
c:\program files\nvidia corporation\nvidia geforce experience\nvidia geforce experience.exe
Details File 20
c:\programdata\nvidia\nvcontainerdriverupdatecheck.log
Details File 19
c:\program files\nvidia corporation\update core\nvprofileupdater64.exe
Details File 12
c:\program files\microsoft onedrive\onedrivestandaloneupdater.exe
Details File 10
overwolfupdater.exe
Details File 38
c:\program files\mozilla firefox\default-browser-agent.exe
Details File 19
nvnodejslauncher.exe
Details File 7
c:\windows\system32\mbaeparsertask.exe
Details File 99
c:\windows\explorer.exe
Details File 15
npdeployjava1.dll
Details File 15
npjp2.dll
Details File 8
c:\program files\electronic arts\ea desktop\ea desktop\eabackgroundservice.exe
Details File 18
easyanticheat.exe
Details File 7
easyanticheat_eos.exe
Details File 16
epiconlineserviceshost.exe
Details File 3
galaxyclientservice.exe
Details File 5
galaxycommunication.exe
Details File 13
onedriveupdaterservice.exe
Details File 1
e:\program files\rockstar games\launcher\rockstarservice.exe
Details File 5
c:\program files\steelseries\gg\steelseriesupdateservice.exe
Details File 87
nissrv.exe
Details File 198
msmpeng.exe
Details File 30
containerlocalsystem.log
Details File 2
brynhildr.sys
Details File 12
c:\windows\system32\drivers\bthmodem.sys
Details File 4
driver-x64.sys
Details File 5
c:\windows\system32\driverstore\filerepository\e1d.inf
Details File 5
e1d.sys
Details File 16
c:\windows\system32\drivers\mbae64.sys
Details File 6
c:\windows\system32\drivers\logi_joy_bus_enum.sys
Details File 7
c:\windows\system32\drivers\logi_joy_vir_hid.sys
Details File 6
c:\windows\system32\drivers\logi_joy_xlcore.sys
Details File 30
c:\windows\system32\drivers\mbamchameleon.sys
Details File 38
c:\windows\system32\drivers\mbamelam.sys
Details File 11
c:\windows\system32\drivers\farflt.sys
Details File 11
c:\windows\system32\drivers\mbam.sys
Details File 38
c:\windows\system32\drivers\mbamswissarmy.sys
Details File 12
c:\windows\system32\drivers\mwac.sys
Details File 14
c:\windows\system32\driverstore\filerepository\nvmoduletracker.inf
Details File 14
nvmoduletracker.sys
Details File 6
c:\windows\system32\drivers\ssdevfactory.sys
Details File 3
c:\windows\system32\drivers\steamstreamingmicrophone.sys
Details File 3
c:\windows\system32\drivers\steamstreamingspeakers.sys
Details File 4
c:\windows\system32\driverstore\filerepository\steelseries-sonar-vad.inf
Details File 4
steelseries-sonar-vad.sys
Details File 70
c:\windows\system32\drivers\wd\wdboot.sys
Details File 70
c:\windows\system32\drivers\wd\wdfilter.sys
Details File 70
c:\windows\system32\drivers\wd\wdnisdrv.sys
Details File 13
winsetupmon.sys
Details File 1
c:\programdata\malwarebytes
2023-05-07 01:23 - 2023-05-07 01:23 - 000000000 ____d c:\program files\malwarebytes
2023-05-07 00:57 - 2023-05-07 00:57 - 000000000 ____d c:\programdata\microsoft onedrive
2023-05-07 00:56 - 2023-05-13 10:15 - 000850372 _____ c:\windows\system32\perfstringbackup.ini
Details File 1
c:\windows\system32\tasks\onedrive reporting task-s-1-5-21-2374129388-989574461-877817314-1001
2023-05-07 00:55 - 2023-05-10 17:17 - 000003194 _____ c:\windows\system32\tasks\onedrive per-machine standalone update task
2023-05-07 00:55 - 2023-05-10 17:16 - 000000006 ____h c:\windows\tasks\sa.dat
Details File 1
c:\windows\system32\tasks\user_esrv_svc_queencreek
2023-05-07 00:55 - 2023-05-07 00:55 - 000002604 _____ c:\windows\system32\tasks\intelsurqc-upgrade-86621605-2a0b-4128-8ffc-15514c247132-logon
2023-05-07 00:55 - 2023-05-07 00:55 - 000002430 _____ c:\windows\system32\tasks\msiafterburner
2023-05-07 00:55 - 2023-05-07 00:55 - 000000020 ___sh c:\users\ander\ntuser.ini
Details File 1
c:\windows\system32\tasks\mozilla
2023-05-07 00:55 - 2023-05-07 00:55 - 000000000 ____d c:\windows\system32\tasks\event viewer tasks
2023-05-07 00:55 - 2023-05-07 00:55 - 000000000 ____d c:\windows\system32\tasks\agent activation runtime
2023-05-07 00:54 - 2023-05-07 00:55 - 000011433 _____ c:\windows\diagwrn.xml
Details File 9
c:\windows\diagerr.xml
Details File 1
c:\users\default\appdata\roaming\microsoft\network
2023-05-07 00:51 - 2023-05-13 10:11 - 000000000 ____d c:\windows\system32\sleepstudy
2023-05-07 00:51 - 2023-05-07 02:01 - 000303288 _____ c:\windows\system32\fntcache.dat
Details File 1
c:\windows\system32\prounstl.exe
Details File 1
c:\adwcleaner
2023-05-05 23:28 - 2023-05-05 23:28 - 000283581 _____ c:\users\ander\desktop\mglogs.zip
Details File 1
c:\mglogs.zip
Details File 7
v2.bin
Details File 1
c:\program files\intel corporation
2023-05-05 22:33 - 2023-02-24 23:02 - 000047240 _____ c:\windows\system32\drivers\semav6msr64.sys
Details File 1
c:\users\ander\appdata\roaming\nvidia
2023-05-04 16:23 - 2023-05-07 00:52 - 000000000 ____d c:\windows\system32\drivers\nvidia corporation
2023-05-04 16:16 - 2023-04-26 11:47 - 002172472 _____ c:\windows\system32\vulkaninfo-1-999-0-0-0.exe
Details File 19
c:\windows\system32\vulkaninfo.exe
Details File 19
c:\windows\syswow64\vulkaninfo-1-999-0-0-0.exe
Details File 19
c:\windows\syswow64\vulkaninfo.exe
Details File 19
c:\windows\system32\vulkan-1-999-0-0-0.dll
Details File 18
c:\windows\system32\vulkan-1.dll
Details File 19
c:\windows\syswow64\vulkan-1-999-0-0-0.dll
Details File 19
c:\windows\syswow64\vulkan-1.dll
Details File 22
c:\windows\system32\opencl.dll
Details File 22
c:\windows\syswow64\opencl.dll
Details File 17
c:\windows\system32\nvifr64.dll
Details File 17
c:\windows\syswow64\nvifr.dll
Details File 17
c:\windows\system32\nvml.dll
Details File 17
c:\windows\system32\nvofapi64.dll
Details File 17
c:\windows\syswow64\nvofapi.dll
Details File 17
c:\windows\system32\nvfbc64.dll
Details File 17
c:\windows\syswow64\nvfbc.dll
Details File 17
c:\windows\system32\nvencodeapi64.dll
Details File 17
c:\windows\syswow64\nvencodeapi.dll
Details File 17
c:\windows\system32\nvidia-smi.exe
Details File 17
c:\windows\syswow64\nvcuvid.dll
Details File 17
c:\windows\system32\nvcuvid.dll
Details File 17
c:\windows\syswow64\nvcuda.dll
Details File 13
c:\windows\system32\nvcudadebugger.dll
Details File 17
c:\windows\system32\nvcpl.dll
Details File 17
c:\windows\system32\nvcuda.dll
Details File 17
c:\windows\system32\nvdebugdump.exe
Details File 17
c:\windows\system32\mcu.exe
Details File 16
c:\windows\system32\nvapi64.dll
Details File 17
c:\windows\syswow64\nvapi.dll
Details File 8
c:\windows\system32\drivers\nvhda64v.sys
Details File 3
c:\windows\system32\nvspcap64.dll
Details File 3
c:\windows\syswow64\nvspcap.dll
Details File 3
c:\windows\system32\nvrtmpstreamer64.dll
Details File 3
c:\windows\system32\nvaudcap64v.dll
Details File 3
c:\windows\syswow64\nvaudcap32v.dll
Details File 5
c:\windows\system32\drivers\nvvhci.sys
Details File 3
c:\windows\system32\drivers\nvvad64v.sys
Details File 4
c:\windows\system32\windowsaccessbridge-64.dll
Details File 1
c:\users\ander\appdata\roaming\discord
2023-05-10 17:17 - 2022-05-22 16:37 - 000000000 ____d c:\users\ander\appdata\roaming\lghub
2023-05-10 17:17 - 2022-05-22 16:37 - 000000000 ____d c:\users\ander\appdata\local\lghub
2023-05-10 17:17 - 2022-05-22 14:02 - 000000000 ___rd c:\users\ander\onedrive
2023-05-10 17:17 - 2021-09-03 20:12 - 000000000 ____d c:\program files\microsoft onedrive
2023-05-10 17:16 - 2022-05-22 15:54 - 000012288 ___sh c:\dumpstack.log
Details File 59
c:\windows\system32\mrt.exe
Details File 12
c:\windows\system32\oemdefaultassociations.dll
Details File 3
c:\windows\system32\oemdefaultassociations.xml
Details File 21
c:\windows\syswow64\msclmd.dll
Details File 20
c:\windows\system32\msclmd.dll
Details File 10
c:\windows\system32\xgamehelper.exe
Details File 10
c:\windows\system32\xgamecontrol.exe
Details File 10
c:\windows\system32\xgameruntime.dll
Details File 10
c:\windows\system32\gameplatformservices.dll
Details File 8
c:\windows\system32\gamingservicesproxy.dll
Details File 10
c:\windows\system32\gameconfighelper.dll
Details File 10
c:\windows\system32\gamelaunchhelper.dll
Details File 12
c:\windows\system32\gamingtcuihelpers.dll
Details File 1
c:\users\ander\appdata\roaming\vampire_survivors
2023-04-13 19:14 - 2023-03-23 22:02 - 000086568 _____ c:\windows\system32\fvsdk_x64.dll
Details File 3
c:\windows\syswow64\fvsdk_x86.dll
Details File 8
install.log
Details File 1
c:\users\ander\appdata\roaming\battlebitconfig.ini
Details File 1
c:\users\ander\appdata\local\d27558.tmp
Details File 1
c:\users\ander\appdata\local\d277aa.tmp
Details File 1
c:\users\ander\appdata\local\d2febf.tmp
Details IPv4 295
8.8.8.8
Details IPv4 63
8.8.4.4
Details Windows Registry Key 68
HKLM\...\Run
Details Windows Registry Key 50
HKLM-x32\...\Run
Details Windows Registry Key 6
HKLM\...\RunOnce
Details Windows Registry Key 164
HKLM\SOFTWARE\Microsoft\Windows
Details Windows Registry Key 19
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Details Windows Registry Key 2
HKU\S-1-5-19\...\RunOnce
Details Windows Registry Key 2
HKU\S-1-5-20\...\RunOnce
Details Windows Registry Key 1
HKU\S-1-5-21-2374129388-989574461-877817314-1001\...\Run
Details Windows Registry Key 14
HKLM\Software\...\Authentication\Credential
Details Windows Registry Key 19
HKLM-x32\...\Edge\Extension
Details Windows Registry Key 39
HKLM-x32\...\Chrome\Extension