
[CW] Evon being a Coin miner

Posted

Hello everyone,

 

Today I ran Malwarebytes on my old PC, and as it's scanning everything it's finding things that are hooking into system32. Well, that's not normal, and nothing should be hooked to system32 that's not something Windows made or your computer company did not make. Evon was also changing things in the REGISTRY KEY; nothing should be doing that, not even things you download from a website or even here. I only made this as I want everyone to stay safe and to never ever ever download, even when it comes back out. This just proves that sakpot, a well trusted man, is money hungry. Stay safe, y'all.

 

Thanks everyone for reading. Here is a copy of the report; ofc all my info is deleted.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/1/2024
Scan Time: 3:20 PM
Log File: eacddd8c-504b-11ef-ba8a-0897989f2734.json

-Software Information-


-System Information-


-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 469318
Threats Detected: 21
Threats Quarantined: 21
Time Elapsed: 16 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
RiskWare.CoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\EvonUpdateCheck, Quarantined, 2778, 1187616, 1.0.87372, , ame, , , 
RiskWare.CoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1AD232F5-BA26-467F-8D79-B88A31FFD6B9}, Quarantined, 2778, 1187616, 1.0.87372, , ame, , , 
RiskWare.CoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{1AD232F5-BA26-467F-8D79-B88A31FFD6B9}, Quarantined, 2778, 1187616, 1.0.87372, , ame, , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 18
RiskWare.CoinMiner, C:\WINDOWS\SYSTEM32\TASKS\EVONUPDATECHECK, Quarantined, 2778, 1187616, 1.0.87372, , ame, , C666AB4A576C4B7F0652575E4F24B492, 09C63F004C3FD4010D09FA4B2E4FA9689D54E4EABA04323A488FBE44CCDDD26B
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP18320.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP96728.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP19724.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP06278.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP68914.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP06729.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP73254.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP16405.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP85231.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
PUP.Optional.BundleInstaller, C:\USERS\ \APPDATA\LOCAL\SETUP28790.EXE, Quarantined, 70, 947187, 1.0.87372, , ame, , 29D3A70CEC060614E1691E64162A6C1E, CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72
RiskWare.CoinMiner, C:\PROGRAM FILES\EVON\EVONUPDATE\EVONUPDATER.EXE, Quarantined, 2778, 1187560, 1.0.87372, , ame, , 1593D103F927BAB8456374EC1A965F32, 6131CC715E5EFFDCC74A7EC8E23E4888B255F62FAAB48D1D0084D162ECD9B3BE
RiskWare.ProcessHacker, C:\PROGRAM FILES\PROCESS HACKER 2\KPROCESSHACKER.SYS, Quarantined, 8457, 1005245, 1.0.87372, , ame, , 1B5C3C458E31BEDE55145D0644E88D75, 70211A3F90376BBC61F49C22A63075D1D4DDD53F0AEFA976216C46E6BA39A9F4
RiskWare.ProcessHacker, C:\PROGRAM FILES\PROCESS HACKER 2\X86\PROCESSHACKER.EXE, Quarantined, 8457, 1002709, 1.0.87372, , ame, , 68F9B52895F4D34E74112F3129B3B00D, D4A0FE56316A2C45B9BA9AC1005363309A3EDC7ACF9E4DF64D326A0FF273E80F
RiskWare.ProcessHacker, C:\PROGRAM FILES\PROCESS HACKER 2\PROCESSHACKER.EXE, Quarantined, 8457, 1002709, 1.0.87372, , ame, , B365AF317AE730A67C936F21432B9C71, BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4
RiskWare.ProcessHacker, C:\USERS\ \ONEDRIVE\DESKTOP\Process Hacker 2.lnk, Quarantined, 8457, 1002709, 1.0.87372, , ame, , 02BBD4546F83E14675182A9D5BC4709E, B334255A9A37F497B4E0189CDA19C8027E8A5D40476140FBE9FAB0D99F6836C1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Zera

Replied

Evon still works post-Byfron? Well, I wouldn't understand the purpose of adding a registry key and the mention of Process Hacker. Anyone want to fill me in on the purpose of Evon doing this?

 

RiskWare.ProcessHacker, C:\PROGRAM FILES\PROCESS HACKER 2\KPROCESSHACKER.SYS, Quarantined, 8457, 1005245, 1.0.87372, , ame, , 1B5C3C458E31BEDE55145D0644E88D75, 70211A3F90376BBC61F49C22A63075D1D4DDD53F0AEFA976216C46E6BA39A9F4
RiskWare.ProcessHacker, C:\PROGRAM FILES\PROCESS HACKER 2\X86\PROCESSHACKER.EXE, Quarantined, 8457, 1002709, 1.0.87372, , ame, , 68F9B52895F4D34E74112F3129B3B00D, D4A0FE56316A2C45B9BA9AC1005363309A3EDC7ACF9E4DF64D326A0FF273E80F
RiskWare.ProcessHacker, C:\PROGRAM FILES\PROCESS HACKER 2\PROCESSHACKER.EXE, Quarantined, 8457, 1002709, 1.0.87372, , ame, , B365AF317AE730A67C936F21432B9C71, BD2C2CF0631D881ED382817AFCCE2B093F4E412FFB170A719E2762F250ABFEA4
RiskWare.ProcessHacker, C:\USERS\ \ONEDRIVE\DESKTOP\Process Hacker 2.lnk, Quarantined, 8457, 1002709, 1.0.87372, , ame, , 02BBD4546F83E14675182A9D5BC4709E, B334255A9A37F497B4E0189CDA19C8027E8A5D40476140FBE9FAB0D99F6836C1
RiskWare.CoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\EvonUpdateCheck, Quarantined, 2778, 1187616, 1.0.87372, , ame, , , 
RiskWare.CoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1AD232F5-BA26-467F-8D79-B88A31FFD6B9}, Quarantined, 2778, 1187616, 1.0.87372, , ame, , , 
RiskWare.CoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{1AD232F5-BA26-467F-8D79-B88A31FFD6B9}, Quarantined, 2778, 1187616, 1.0.87372, , ame, , , 

Comments

SPECTRE_ 0 Reputation

Commented

Evon is coming back, and sakpot said on one of the newer videos. I'm just saying so people don't download Evon and have their PC f**ked like my old one. Evon f**ked it so bad I had to take the back casing off and buy a new storage drive stick.
