Malwarebytes.
www.malwarebytes.com
-Log details-
Scan date: 4/25/21
Scan time: 7:09 pm.
Log file: 93339ABC-A5E0-11EB-9A80-74e6E24CA1F8.json
-Software information-
Version: 4.3.0.98
Components version: 1.0.1273
Update package version: 1.0.39797
License: Free.
-System information-
OS: Windows 10 (Build 19042.928)
CPU: X64.
FILE_SYSTEM: NTFS.
User: DESKTOP-KVJSMK7\Kemal
-Scan summary-
Scan type: Threat scan.
Scan initiated by: Manual.
Result: Completed.
Objects scanned: 305522.
Threats detected: 21.
Threats quarantined: 21.
Time elapsed: 15min, 59 sec.
-Scan options-
Memory: Enabled.
Startup: Enabled.
Filesystem: Enabled.
Archives: Enabled.
Rootkits: Disabled.
Heuristics: Enabled.
PUP: Detect.
PUM: Detect.
-Scan details-
Process: 1
Trojan. Agent, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\STEALGPX.EXE, quarantined, 511, 30292, 4E86FE67E53C0BA292B2F47AF5cc5802, EB3989977F9fb8C5E485BAB25a4D2C26DB9A7bEE49E9C5e34D381BCC3eaB3105
Module: 1
Trojan. Agent, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\STEALGPX.EXE, quarantined, 511, 30292, 4E86FE67E53C0BA292B2F47AF5cc5802, EB3989977F9fb8C5E485BAB25a4D2C26DB9A7bEE49E9C5e34D381BCC3eaB3105
Registry Key: 5
Trojan. Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\stealgpx, quarantined, 511, 30292,
Trojan. Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E716DB76-FB03-4756-AF61-3205211B9098}, quarantined, 511, 30292,
Trojan. Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{E716DB76-FB03-4756-AF61-3205211B9098}, quarantined, 511, 30292,
Trojan. Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, quarantined, 511, 30292,
Trojan. Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, quarantined, 511, 30292,
Registry Value: 0
(No malicious items detected)
Registry data: 0
(No malicious items detected)
Data stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 14.
Trojan. Agent, C:\WINDOWS\SYSTEM32\TASKS\stealgpx, quarantined, 511, 30292, 6E951CB222C91830Aa59E48919D01D27, A77C639B9297637158C9dd3C56B729615F26841B2D102F04D714E90A50D7Cad1
Trojan. Agent, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\STEALGPX.EXE, quarantined, 511, 30292, 1.0.39797, ame, 4E86FE67E53C0BA292B2F47AF5cc5802, EB3989977F9fb8C5E485BAB25a4D2C26DB9A7bEE49E9C5e34D381BCC3eaB3105
Hacktool. Agent, C:\USERS\KEMAL\APPDATA\ROAMING\PROCESS.EXE, quarantined, 4007, 915640, 1.0.39797, daacEC232FDAb80e7F7ee734, dds, 01217679, AE7FA50A6734b6EA71CBBC9D42B775A7, 7E5053F23EB3946ABE5511B0681DC81628AAD802E489A33BC59C233451466DC0
Trojan. PowerShell, C:\USERS\KEMAL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\DEFENDER.EXE, quarantined, 5649, 907335, 1.0.39797, bde3B831DD9EE88BFB0a23A9, dds, 01217679, A32174FC6008FF4A8E74608BD3491ACF, AB7948D3F7B00A906F0967CA7957CB73652D8C432A52a5E6524D977949F4E26D
Trojan. PowerShell, C:\USERS\KEMAL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\PROCESS.EXE, quarantined, 5649, 907335, 1.0.39797, C78B3139CEe9B04E36A0def2, dds, 01217679, bfCE7290A7afd7B96B5A1e2C474A524D, 881BC742A25C188A8CF652E776E7A7AD17753AFD4902CAecc7D731664a0da155
Riskware. Bitcoinminer, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\5367.TMP\DEFENDER.EXE, quarantined, 909, 930555, 1.0.39797, 14154AE4B587CA9578ae3845, dds, 01217679, 3C9dCC91E05DC05A01FFF739E40474D7, 6dd7b3D944595429136366B908FD18D3cAC315C6F1453DD4Cb5bcafa9e9A95A6
Riskware. Bitcoinminer, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\B5AB.TMP\DEFENDER.EXE, quarantined, 909, 930555, 1.0.39797, 14154AE4B587CA9578ae3845, dds, 01217679, 3C9dCC91E05DC05A01FFF739E40474D7, 6dd7b3D944595429136366B908FD18D3cAC315C6F1453DD4Cb5bcafa9e9A95A6
Riskware. Bitcoinminer, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\1494.TMP\DEFENDER.EXE, quarantined, 909, 930555, 1.0.39797, 14154AE4B587CA9578ae3845, dds, 01217679, 3C9dCC91E05DC05A01FFF739E40474D7, 6dd7b3D944595429136366B908FD18D3cAC315C6F1453DD4Cb5bcafa9e9A95A6
Riskware. Bitcoinminer, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\CCD8.TMP\DEFENDER.EXE, quarantined, 909, 930555, 1.0.39797, 14154AE4B587CA9578ae3845, dds, 01217679, 3C9dCC91E05DC05A01FFF739E40474D7, 6dd7b3D944595429136366B908FD18D3cAC315C6F1453DD4Cb5bcafa9e9A95A6
Riskware. Bitcoinminer, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\EEB0.TMP\DEFENDER.EXE, quarantined, 909, 930555, 1.0.39797, 14154AE4B587CA9578ae3845, dds, 01217679, 3C9dCC91E05DC05A01FFF739E40474D7, 6dd7b3D944595429136366B908FD18D3cAC315C6F1453DD4Cb5bcafa9e9A95A6
Riskware. Bitcoinminer, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\D4B1.TMP\DEFENDER.EXE, quarantined, 909, 930555, 1.0.39797, 14154AE4B587CA9578ae3845, dds, 01217679, 3C9dCC91E05DC05A01FFF739E40474D7, 6dd7b3D944595429136366B908FD18D3cAC315C6F1453DD4Cb5bcafa9e9A95A6
Spyware. Lokibot, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\RAR$EXB3964.7266\VALORANT_BOT_2021 X32.EXE, quarantined, 4263, 861286, 1.0.39797, BB85ECCCdEF063964D982ed8, dds, 01217679, B0149AE6ceef6efdb7D4ED674F6B2872, 0A2547FD9188E8794CA33CC8E40D0cb3F5F9622BF8886A589212038C82423967
Riskware. Avdis. Msil, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\RARSFX1\INJECTION-PATCHER.EXE, quarantined, 14855, 776730, 1.0.39797, dDC22EFCB7F208D5C9bb019e, dds, 01217679, B717AFB98cdd2BD66E91E1E02E57D0ba, 9292F5FEbAA31C693A62CB8025A5eb6ce9b7CD86F51E7CF0eaf8B02F57C13146
Trojan. Agent, C:\USERS\KEMAL\APPDATA\LOCAL\TEMP\RARSFX2\SVCHOST.EXE, quarantined, 511, 30292, 1.0.39797, ame, 4E86FE67E53C0BA292B2F47AF5cc5802, EB3989977F9fb8C5E485BAB25a4D2C26DB9A7bEE49E9C5e34D381BCC3eaB3105
Physical sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(End)