Suspected malware/trojan - Virus, Trojan, Spyware, and Malware Removal Help
Common Information

Type                            Value
UUID                            c2c6b78c-77ec-408e-be7f-250d96acd37c
Fingerprint                     3fdabb2afbceeed3
Analysis status                 DONE
Considered CTI value            0
Text language
Published                       Oct. 23, 2023, 9:39 a.m.
Added to db                     Oct. 23, 2023, 8:45 p.m.
Last updated                    Nov. 17, 2024, 6:55 p.m.
Headline                        Suspected malware/trojan
Title                           Suspected malware/trojan - Virus, Trojan, Spyware, and Malware Removal Help
Detected Hints/Tags/Attributes  88/2/251
Attributes

Type                    #Events Value
Domain                  285     microsoft.net
Domain                  2       microsoft.media
Domain                  454     www.google.com
Domain                  2       www.google.com.sg
Domain                  6       acrobat.adobe.com
Domain                  37      videolan.org
Domain                  57      adobe.com
Domain                  368     microsoft.com
Domain                  87      regid.1991-06.com.microsoft
Domain                  51      battle.net
Domain                  9       king.com
Domain                  50      microsoft.photos
Domain                  1       myboeingfleet.com
Domain                  1       dllinject.bj
Domain                  1       dllinject.mk
Domain                  1       rd8yqtu.zip
Email                   5       web2pdfextension.17@acrobat.adobe.com
File                    2       c:\users\admin\desktop\frst64.exe
File                    7       adobeipcbroker.exe
File                    6       c:\program files\adobe\adobe creative cloud experience\ccxprocess.exe
File                    8       c:\program files\adobe\adobe creative cloud\acc\creative cloud.exe
File                    86      service.exe
File                    5       coresync.exe
File                    11      epicgameslauncher.exe
File                    6       epicwebhelper.exe
File                    674     node.js
File                    5       c:\program files\adobe\adobe creative cloud experience\libs\node.exe
File                    1       c:\program files\adobe\adobe creative cloud\acc\adobe crash processor.exe
File                    3       c:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe
File                    3       c:\program files\common files\adobe\creative cloud libraries\cclibrary.exe
File                    3       c:\program files\common files\adobe\creative cloud libraries\libs\node.exe
File                    35      discord.exe
File                    1260    explorer.exe
File                    6       adobecollabsync.exe
File                    7       c:\program files\itunes\ituneshelper.exe
File                    2       c:\users\admin\appdata\local\megasync\megasync.exe
File                    128     msedge.exe
File                    149     msbuild.exe
File                    31      helper.exe
File                    306     services.exe
File                    11      adobeupdateservice.exe
File                    38      armsvc.exe
File                    14      agmservice.exe
File                    16      c:\program files\bonjour\mdnsresponder.exe
File                    8       c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
File                    3       c:\program files\ipod\bin\ipodservice.exe
File                    1       c:\windows\syswow64\atashost.exe
File                    11      c:\program files\hpprintscandoctor\hpprintscandoctorservice.exe
File                    17      c:\windows\system32\driverstore\filerepository\lms.inf
File                    26      lms.exe
File                    33      c:\windows\system32\driverstore\filerepository\dal.inf
File                    41      jhi_service.exe
File                    29      c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
File                    198     msmpeng.exe
File                    87      nissrv.exe
File                    27      c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe
File                    6       c:\windows\system32\driverstore\filerepository\nv_dispig.inf
File                    44      container.exe
File                    6       rzsdkservice.exe
File                    3       c:\windows\runsw.exe
File                    35      c:\windows\system32\driverstore\filerepository\realtekservice.inf
File                    35      rtkauduservice64.exe
File                    1122    svchost.exe
File                    5       adobenotificationclient.exe
File                    2       acrobatnotificationclient.exe
File                    10      calculatorapp.exe
File                    13      hxoutlook.exe
File                    19      hxtsr.exe
File                    14      filecoauth.exe
File                    7       media.pl
File                    3       ayer.exe
File                    49      c:\windows\immersivecontrolpanel\systemsettings.exe
File                    85      c:\windows\system32\dllhost.exe
File                    23      c:\windows\system32\mousocoreworker.exe
File                    67      c:\windows\system32\smartscreen.exe
File                    3       c:\windows\system32\sppextcomobj.exe
File                    11      agcinvokerutility.exe
File                    12      updaterstartuputility.exe
File                    9       ccxprocess.exe
File                    1       c:\users\admin\appdata\local\discord\update.exe
File                    409     c:\windows\system32\cmd.exe
File                    1       c:\users\admin\appdata\local\microsoft\onedrive\update\onedrivesetup.exe
File                    1       c:\users\admin\appdata\local\microsoft\onedrive\standaloneupdater\onedrivesetup.exe
File                    7       c:\windows\system32\adobepdf.dll
File                    61      chrmstp.exe
File                    42      adobearm.exe
File                    15      agsservice.exe
File                    1       c:\users\admin\desktop\adwcleaner.exe
File                    99      c:\windows\explorer.exe
File                    1       c:\users\admin\desktop\esetonlinescanner.exe
File                    105     googleupdate.exe
File                    9       c:\program files\hpprintscandoctor\hpprinterhealthmonitor.exe
File                    10      c:\windows\system32\driverstore\filerepository\iclsclient.inf
File                    8       intelpttekrecertification.exe
File                    1       c:\users\admin\appdata\local\megasync\megaupdater.exe
File                    29      c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe
File                    10      sdxhelper.exe
File                    2       %programfiles%\rempl\remsh.exe
File                    97      mpcmdrun.exe
File                    47      c:\program files\mozilla firefox\firefox.exe
File                    38      c:\program files\mozilla firefox\default-browser-agent.exe
File                    5       c:\programdata\nvidia\nvcontainerbatteryboostcheck.log
File                    20      c:\programdata\nvidia\nvcontainerdriverupdatecheck.log
File                    19      c:\program files\nvidia corporation\nvidia geforce experience\nvidia geforce experience.exe
File                    19      nvnodejslauncher.exe
File                    19      c:\program files\nvidia corporation\update core\nvprofileupdater64.exe
File                    18      c:\program files\nvidia corporation\nvbackend\nvtmrep.exe
File                    17      c:\program files\videolan\vlc\npvlc.dll
File                    13      npadobeaamdetect64.dll
File                    16      npspwrap.dll
File                    10      nppdf32.dll
File                    10      npadobeaamdetect32.dll
File                    16      epiconlineserviceshost.exe
File                    5       rzsdkserver.exe
File                    30      containerlocalsystem.log
File                    26      c:\windows\system32\drivers\btha2dp.sys
File                    22      c:\windows\system32\drivers\bthhfenum.sys
File                    39      mpksldrv.sys
File                    2       c:\windows\system32\mpenginestore\mpksldrv.sys
File                    1       c:\windows\syswow64\drivers\pcasp60.sys
File                    2       c:\windows\system32\drivers\rzendpt.sys
File                    1       c:\windows\system32\drivers\rzmpos.sys
File                    12      c:\windows\system32\drivers\ssudmdm.sys
File                    16      c:\windows\system32\drivers\tap0901.sys
File                    8       c:\windows\system32\drivers\usbaapl64.sys
File                    70      c:\windows\system32\drivers\wd\wdboot.sys
File                    70      c:\windows\system32\drivers\wd\wdfilter.sys
File                    70      c:\windows\system32\drivers\wd\wdnisdrv.sys
File                    1       c:\users\admin\desktop\frst-olderversion   2023-10-23 19:03 - 2023-10-23 19:03 - 000000000 ___hd c:\onedrivetemp   2023-10-18 10:44 - 2023-10-18 10:44 - 000043320 _____ c:\users\admin\desktop\ata 75 summary.pdf
File                    1       c:\users\admin\desktop\ata 75 overview.xlsx
File                    1       c:\users\admin\downloads\fsdss 688 mp4.mp4
File                    1       c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\zoom   2023-10-16 22:25 - 2023-10-16 22:26 - 091949099 _____ c:\users\admin\desktop\iae pw1100g_b1b2_additional engine_feb23_st engineering_x.pdf
File                    1       c:\users\admin\downloads\fsdss 672 mp4.mp4
File                    1       c:\users\admin\downloads\hmn-479.mp4
File                    1       c:\users\admin\downloads\pred 526 mp4.mp4
File                    1       c:\users\admin\downloads\hmn 486 mp4.mp4
File                    1       c:\users\admin\appdata\local\backup   2023-10-11 22:28 - 2023-10-11 22:28 - 000016059 _____ c:\windows\system32\integratedservicesregionpolicyset.json
File                    1       c:\program files\mozilla firefox   2023-10-11 21:36 - 2023-10-11 21:36 - 000000000 ____d c:\programdata\plug   2023-10-10 21:31 - 2023-10-10 21:31 - 000000000 ____d c:\program files\ruxim   2023-09-28 14:17 - 2023-09-28 14:20 - 033806670 _____ c:\users\admin\downloads\dfe2fb8695c001972a4e362891a6d3181672147803-640-360-921-h264.mp4
File                    2       c:\users\admin\desktop\frst.txt
File                    1       c:\users\admin\appdata\roaming\telegram desktop   2023-10-18 11:04 - 2018-02-25 21:53 - 000000000 ____d c:\users\admin\appdata\roaming\microsoft\excel   2023-10-18 09:52 - 2018-02-03 20:26 - 000000000 ____d c:\users\admin\appdata\local\packages   2023-10-18 07:18 - 2021-02-13 22:55 - 000795738 _____ c:\windows\system32\perfstringbackup.ini
File                    40      c:\windows\tasks\sa.dat
File                    38      c:\dumpstack.log
File                    59      c:\windows\system32\mrt.exe
File                    1       c:\users\public\accountpictures   2023-10-12 21:41 - 2019-12-07 17:14 - 000000000 ___rd c:\windows\immersivecontrolpanel   2023-10-12 21:40 - 2021-02-13 22:45 - 000457416 _____ c:\windows\system32\fntcache.dat
File                    12      c:\windows\system32\oemdefaultassociations.dll
File                    21      c:\windows\syswow64\msclmd.dll
File                    20      c:\windows\system32\msclmd.dll
File                    54      c:\windows\syswow64\printconfig.dll
File                    1       c:\users\admin\appdata\local\oobelibmkey.log
File                    1       c:\users\admin\appdata\local\update_progress.txt
File                    86      frst.txt
File                    70      onedrivesetup.exe
File                    34      win.rar
File                    1       c:\users\admin\appdata\local\megasync\shellextx64.dll
File                    9       coresync_x64.dll
File                    4       contextmenushim64.dll
File                    19      c:\program files\winrar\rarext.dll
File                    19      c:\program files\winrar\rarext32.dll
File                    29      nvshext.dll
File                    1       c:\users\admin\appdata\local\megasync\qt5core.dll
File                    10      ochelper.dll
File                    4       acroiefavstub.dll
File                    1       c:\windows\syswow64\cgmopenbho.dll
File                    9       msosb.dll
File                    24      c:\windows\web\wallpaper\windows\img0.jpg
File                    2       c:\windows\web\wallpaper\theme1\img13.jpg
File                    1       c:\program files\bluestacks\hd-player.exe
File                    8       c:\program files\itunes\itunes.exe
File                    1       noxvmhandle.exe
File                    1       d:\program files\nox\bin\nox.exe
File                    1       wowvoiceproxy.exe
File                    18      mdnsresponder.exe
File                    10      apsdaemon.exe
File                    17      c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe
File                    1       c:\users\admin\appdata\roaming\zoom\bin\zoom.exe
File                    1       c:\users\admin\appdata\roaming\zoom\bin\airhost.exe
File                    173     outlook.exe
File                    35      spotify.exe
File                    271     chrome.exe
File                    76      msedgewebview2.exe
File                    87      skype.exe
File                    1       c:\users\admin\downloads\file_part1.zip
File                    1       file_part1.msi
File                    45      1.zip
File                    351     recycle.bin
File                    1       rd8yqtu.zip
File                    1       c:\users\admin\appdata\local\isfixedsize\izksl\instance.exe
File                    1       c:\windows\system32\tasks\isfixedsize\instance   detection origin: local machine   detection type: fastpath   detection source: real-time protection   process name: c:\windows\system32\svchost.exe
File                    92      c:\windows\system32\svchost.exe
File                    17      msoxmlmf.dll
File                    91      addition.txt
IPv4                    27      192.168.1.254
IPv4                    262     192.168.1.1
IPv4                    1       172.17.5.36
IPv4                    1       172.17.5.4
IPv4                    1       8.3.0.61
IPv4                    1       12.2.0.15
IPv4                    3       2.6.0.1
IPv4                    1       2.1.4.7
IPv4                    14      3.1.0.1
IPv4                    3       1.3.51.0
IPv4                    109     1.0.0.0
IPv4                    5       2.0.36.0
IPv4                    1       12.9.4.102
IPv4                    4       3.73.0.0
IPv4                    1       3.20.2.34
IPv4                    7       8.93.0.0
IPv4                    1       1.10.0.0
Microsoft Patch Numbers 21      KB5001716
Url                     54      http://www.google.com
Url                     1       http://www.google.com.sg
Url                     1       http://myboeingfleet.com
Windows Registry Key    68      HKLM\...\Run
Windows Registry Key    50      HKLM-x32\...\Run
Windows Registry Key    19      HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\...\Run
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\...\RunOnce
Windows Registry Key    7       HKLM\...\Print\Monitors\Adobe
Windows Registry Key    59      HKLM\Software\Microsoft\Active
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001
Windows Registry Key    12      HKLM\...\Firefox\Extensions
Windows Registry Key    19      HKLM-x32\...\Firefox\Extensions
Windows Registry Key    39      HKLM-x32\...\Chrome\Extension
Windows Registry Key    77      HKLM-x32
Windows Registry Key    18      HKLM-x32\...\Adobe
Windows Registry Key    8       HKLM-x32\...\AdobeGenuineService
Windows Registry Key    15      HKLM-x32\...\Battle.net
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\...\Discord
Windows Registry Key    55      HKLM-x32\...\Google
Windows Registry Key    2       HKLM-x32\...\GSmartControl
Windows Registry Key    3       HKLM-x32\...\MEGAsync
Windows Registry Key    12      HKLM\...\O365HomePremRetail
Windows Registry Key    68      HKLM-x32\...\Microsoft
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\...\OneDriveSetup.exe
Windows Registry Key    41      HKLM\...\Mozilla
Windows Registry Key    41      HKLM\...\MozillaMaintenanceService
Windows Registry Key    7       HKLM-x32\...\Razer
Windows Registry Key    20      HKLM\...\VLC
Windows Registry Key    30      HKLM\...\WinRAR
Windows Registry Key    4       HKLM-x32\...\World
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\...\ZoomUMX
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001_Classes\CLSID
Windows Registry Key    1       HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\Software\Microsoft\Internet
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\...\localhost
Windows Registry Key    41      HKLM\System\CurrentControlSet\Control\Session
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1000\Control
Windows Registry Key    1       HKU\S-1-5-21-1074230309-3786456183-1573165190-1001\Control
Windows Registry Key    98      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Windows Registry Key    42      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Windows Registry Key    15      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost