Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [<HKLM>\Software\Classes\malwarebytes\shell\open\command] '' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\assistant.exe" -uri "%1"'
Устанавливает следующие настройки сервисов
- [<HKLM>\System\CurrentControlSet\Services\MBAMService] 'ImagePath' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"'
- [<HKLM>\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = 'system32\DRIVERS\mbamswissarmy.sys'
- [<HKLM>\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = '<DRIVERS>\mbamswissarmy.sys'
- [<HKLM>\System\CurrentControlSet\Services\MBAMService] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\MBAMFarflt] 'ImagePath' = 'system32\DRIVERS\farflt.sys'
Создает следующие сервисы
- 'MBAMService' "%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"
- 'MBAMService' %ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe
- 'MBAMSwissArmy' system32\DRIVERS\mbamswissarmy.sys
- 'MBAMSwissArmy' <DRIVERS>\mbamswissarmy.sys
- 'MBAMFarflt' system32\DRIVERS\farflt.sys
Вредоносные функции
Запускает на исполнение
- '<SYSTEM32>\netsh.exe' firewall set opmode enable
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Malwarebytes" dir=out action=block program="%ProgramFiles%\Malwarebytes\Anti-Malware\MBAMService.exe"
Регистрирует фильтр файловой системы
- [<HKLM>\System\CurrentControlSet\Services\MBAMFarflt] 'Group' = 'FSFilter Activity Monitor'
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\aut190c.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ugoae.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-di9it.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-jult8.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-81sci.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-kq4i9.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-0qip2.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-gmu72.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-4foua.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-8jreg.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-tfpnk.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-s90ac.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-l7ui0.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-9omu5.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-v2q1e.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-0v5gb.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-psdfp.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-shq4n.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-ko6me.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-459ob.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dbjho.tmp
- %ProgramFiles%\malwarebytes\anti-malware\serviceconfig.json
- %TEMP%\mb_errors2656.log
- %TEMP%\is-mpdvc.tmp\digicertevroot.crt
- %TEMP%\is-mpdvc.tmp\baltimorecybertrustroot.crt
- %ProgramFiles%\malwarebytes\anti-malware\unins000.dat
- %ProgramFiles%\malwarebytes\anti-malware\unins000.msg
- C:\users\public\desktop\malwarebytes.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\malwarebytes\uninstall malwarebytes.lnk
- %ProgramFiles%\malwarebytes\anti-malware\is-nd145.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ja7oe.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-8a00e.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-2hm9g.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-nqt7v.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-i61c3.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-d93mp.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dhsfc.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-jedku.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fhn1m.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-5qmvd.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fssbm.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-8vsm9.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-tn73v.tmp
- <DRIVERS>\is-60rpb.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-pkc79.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-3r2aq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-3n6li.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-r14vi.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-sc2h7.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-n3qt0.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-edh7d.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-27c25.tmp
- %ProgramFiles%\malwarebytes\anti-malware\serviceconfig.json.bak
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-871mv.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-1rn19.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-t6qft.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-sheag.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-1ufcs.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-do1tc.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-dqte4.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-uocgb.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-k2851.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-snuhh.tmp
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\malwarebytes\malwarebytes.lnk
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-rttlg.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-05ub2.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-elq1f.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-h5hcs.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-pt4de.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-stfuq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-nu7va.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-3abls.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-80kr1.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-ebhkh.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-l42th.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-pm5ds.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-q9kpa.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-ipstc.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-vmfg8.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-jge5l.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-edcij.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-hrblk.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-c1g5m.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-hsqku.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-b32tc.tmp
- %ProgramFiles%\malwarebytes\anti-malware\securityproductinformation.ini
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\prot.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\rdefs.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\spconfigfile.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\aeconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\aeconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\arwcontrollerconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\arwcontrollerconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\spconfigfile.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\mwaccontrollerconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\mwaccontrollerconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161426620-ntuser.dat
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-sqtq1.tmp
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.tmf
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.cat
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.inf
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.sys
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\logs\mbae-default.log
- <DRIVERS>\set7ced.tmp
- %ProgramFiles%\malwarebytes\anti-malware\sdk\farflt.cat
- %ProgramFiles%\malwarebytes\anti-malware\sdk\farflt.inf
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat.log1
- %ProgramFiles%\malwarebytes\anti-malware\sdk\farflt.sys
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\2hnmy0jl\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\hl8oye8o\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\21objmam\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\x9xiid05\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.tmf
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemctrlconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\irisdata.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\updatecontrollerconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\updatecontrollerconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\licenseconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\licenseconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\logs\mbamservice.log
- %ProgramFiles%\malwarebytes\anti-malware\mbshlext.dll
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\policiesconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cloudconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\policiesconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\dbmanifest2.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\dynconfig.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\exclusions.txt
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\clean.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\wprot2.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tids.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\scan.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\rules.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\mbdigsig2.dat
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamchameleon.sys
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemctrlconfig.json.bak
- %WINDIR%\temp\udd2be0.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\rtpconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\rtpconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat.log1
- <DRIVERS>\set203c.tmp
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.cat
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.inf
- %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.sys
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\scanconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\scanconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cleancontrollerconfig.json.bak
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cleancontrollerconfig.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemetry.json
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cloudconfig.json.bak
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-jelm2.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-vr5a6.tmp
- %ProgramFiles%\malwarebytes\anti-malware\iconengines\is-t7ah0.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-2qrg5.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-cmtue.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-1j5ji.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-qbl1q.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-ulcgu.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-rm6sq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-k0nrq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-3asl1.tmp
- %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-so8g3.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-flh5d.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-t4tsh.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-90apk.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-bj3jm.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-gocmi.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-4jcev.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-qnad3.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-rclj9.tmp
- %TEMP%\is-mpdvc.tmp\innocallback.dll
- %ProgramFiles%\malwarebytes\anti-malware\platforms\is-5rsff.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4hmpt.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4a7le.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-ak6pq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-8hi8h.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-f9rlt.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-7m8t8.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-q5hb5.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-gp5pd.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-mjto6.tmp
- %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-3i5uf.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0odjt.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-ecp5b.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-7cvef.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-k2vsv.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-4t4ka.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-pgivk.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-do8rh.tmp
- %ProgramFiles%\malwarebytes\anti-malware\styles\is-cs1bc.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-tlva0.tmp
- %ProgramFiles%\malwarebytes\anti-malware\scenegraph\is-dncgj.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-fttie.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-g7m0b.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-l339v.tmp
- C:\gecici_proje_klasoru\e.link.exe
- C:\gecici_proje_klasoru\r.reg
- %TEMP%\aut5f85.tmp
- C:\gecici_proje_klasoru\mçik.exe
- %TEMP%\aut58d0.tmp
- C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe
- %TEMP%\aut4417.tmp
- C:\gecici_proje_klasoru\m.exe
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-do0jf.tmp
- C:\gecici_proje_klasoru\si̇l.bat
- %TEMP%\aut4000.tmp
- C:\gecici_proje_klasoru\2.exe
- %TEMP%\aut3101.tmp
- C:\gecici_proje_klasoru\1.exe
- %TEMP%\aut1b01.tmp
- C:\gecici_proje_klasoru\klp.png
- %TEMP%\aut1a06.tmp
- C:\gecici_proje_klasoru\grey.gif
- %TEMP%\aut4261.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0foqm.tmp
- %TEMP%\aut6236.tmp
- nul
- C:\gecici_proje_klasoru\si̇l.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-8s61o.tmp
- %TEMP%\is-mpdvc.tmp\mb-header-options100.bmp
- %TEMP%\is-mpdvc.tmp\mb-work-image100.bmp
- %TEMP%\is-mpdvc.tmp\mb-personal-image100.bmp
- %TEMP%\is-mpdvc.tmp\mb-header100.bmp
- %TEMP%\is-mpdvc.tmp\malwarebytes_privacypolicy.htm
- %TEMP%\is-mpdvc.tmp\malwarebytes_enduserlicenseagreement.htm
- %TEMP%\69ba.tmp\sГЅl.bat
- %TEMP%\is-mpdvc.tmp\languages.txt
- %TEMP%\aut60dd.tmp
- %TEMP%\is-mpdvc.tmp\suhlpr.dll
- %TEMP%\is-mpdvc.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-mpdvc.tmp\_isetup\_setup64.tmp
- %TEMP%\setup log 2021-06-07 #001.txt
- %TEMP%\is-usgp0.tmp\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.tmp
- %ALLUSERSPROFILE%\mb2migration\exclusions.dat
- %ALLUSERSPROFILE%\mb2migration\configuration\license.conf
- %TEMP%\mb_setup2060.log
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-p7g3j.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-osu5b.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-s9f4d.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-fl0f6.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-jqdvd.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-7b35t.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-66re8.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-jdbl5.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-oboh6.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-jl87l.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-tvhgp.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-unjfd.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-5jli9.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-jo3e6.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-6594a.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-q7q2p.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-58nbh.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-jljvn.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-13da0.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-9406t.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-k5s6h.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-6tqaq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-37ugi.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-jlara.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-6e184.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-2mapd.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-ur1ku.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-lvk7m.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-e6qe3.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-2ef1r.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-hi7c1.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-aceln.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-lsqhg.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-8s16h.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-j38tg.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-pmt9k.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-7rhcg.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-dr0qn.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-f6qbq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-6h2bm.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-85tqa.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-qtrbm.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-l2jr0.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-pib6l.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-9v3bs.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-1tan5.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-dolvj.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-ot16r.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-5lqtu.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8dej.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ph44v.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ilrh3.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-5pj0j.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-8gagh.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8qap.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-bpn0l.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-vol59.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-09dnv.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-brmr8.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-m7ibi.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-hsq3s.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-oedn6.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-uqsjm.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-eeog8.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bd1f0.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-2haeq.tmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-o3ur1.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-4co35.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-4s127.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-iocgr.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-nbpl1.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-magv4.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-o4msj.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tq3gu.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tn80r.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-iqj7m.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-vrr23.tmp
- %ProgramFiles%\malwarebytes\anti-malware\is-gcs2u.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-5nht1.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-hbacs.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-8inmu.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-r3jfd.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-8u2rb.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-3fj2v.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-qdaib.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-p4669.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-krh8h.tmp
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-vps3u.tmp
- <DRIVERS>\set8103.tmp
Присваивает атрибут 'скрытый' для следующих файлов
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\x9xiid05\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\21objmam\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\hl8oye8o\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\2hnmy0jl\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
Удаляет следующие файлы
- %TEMP%\aut190c.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat.log1
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat.log1
- %TEMP%\is-mpdvc.tmp\_isetup\_shfoldr.dll
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat.log1
- %ALLUSERSPROFILE%\mb2migration\configuration\license.conf
- %ALLUSERSPROFILE%\mb2migration\exclusions.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161426620-ntuser.dat
- %TEMP%\is-mpdvc.tmp\baltimorecybertrustroot.crt
- %TEMP%\is-mpdvc.tmp\digicertevroot.crt
- %TEMP%\is-mpdvc.tmp\innocallback.dll
- %TEMP%\is-mpdvc.tmp\languages.txt
- %TEMP%\is-mpdvc.tmp\malwarebytes_enduserlicenseagreement.htm
- %TEMP%\is-mpdvc.tmp\malwarebytes_privacypolicy.htm
- %TEMP%\is-mpdvc.tmp\suhlpr.dll
- %TEMP%\is-mpdvc.tmp\_isetup\_setup64.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat.log1
- %TEMP%\is-mpdvc.tmp\mb-header-options100.bmp
- %TEMP%\aut1a06.tmp
- %TEMP%\aut1b01.tmp
- %TEMP%\aut3101.tmp
- %TEMP%\aut4000.tmp
- %TEMP%\aut4261.tmp
- %TEMP%\aut4417.tmp
- %TEMP%\aut58d0.tmp
- %TEMP%\aut5f85.tmp
- %TEMP%\aut60dd.tmp
- %TEMP%\aut6236.tmp
- %TEMP%\is-mpdvc.tmp\mb-header100.bmp
- %TEMP%\is-mpdvc.tmp\mb-personal-image100.bmp
- %TEMP%\is-mpdvc.tmp\mb-work-image100.bmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
- %WINDIR%\temp\udd2be0.tmp
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\clean.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dbmanifest2.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dynconfig.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\exclusions.txt
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\mbdigsig2.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\prot.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rdefs.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rules.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\scan.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\tids.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\wprot2.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\pkgvers.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\version.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat
- %TEMP%\is-usgp0.tmp\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.tmp
Перемещает следующие файлы
- %ProgramFiles%\malwarebytes\anti-malware\is-8s61o.tmp в %ProgramFiles%\malwarebytes\anti-malware\unins000.exe
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-uocgb.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pl.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-dqte4.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pt_br.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-do1tc.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pt_pt.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-1ufcs.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ru.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-t6qft.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sv.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-1rn19.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_da.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-pkc79.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_no.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-snuhh.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_fi.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-27c25.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ja.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-sqtq1.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_it.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-k2851.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_nl.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-edh7d.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_hu.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-r14vi.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ko.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-3n6li.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ro.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-3r2aq.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_hr.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-q9kpa.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sl.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-871mv.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sk.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-rttlg.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_bg.qm
- %ProgramFiles%\malwarebytes\anti-malware\is-elq1f.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamwsc.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-l42th.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-05ub2.tmp в %ProgramFiles%\malwarebytes\anti-malware\arwcontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-n3qt0.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_cs.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-sc2h7.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_zh_tw.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-jelm2.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_fr.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-o3ur1.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_de.qm
- %ProgramFiles%\malwarebytes\anti-malware\is-c1g5m.tmp в %ProgramFiles%\malwarebytes\anti-malware\cloudcontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-pib6l.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-timezone-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-vr5a6.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-util-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-6e184.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-xstate-l2-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-l2jr0.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-conio-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-qtrbm.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-convert-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-85tqa.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-environment-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-6h2bm.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-filesystem-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-f6qbq.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-heap-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-dr0qn.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-locale-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-7rhcg.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-math-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-pmt9k.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-multibyte-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-37ugi.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-private-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-j38tg.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-process-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-lsqhg.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-runtime-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-aceln.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-stdio-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-hi7c1.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-string-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-2ef1r.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-time-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-e6qe3.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-utility-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-lvk7m.tmp в %ProgramFiles%\malwarebytes\anti-malware\ucrtbase.dll
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-ur1ku.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_en_gb.qm
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-2mapd.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_en_us.qm
- %ProgramFiles%\malwarebytes\anti-malware\is-hsqku.tmp в %ProgramFiles%\malwarebytes\anti-malware\cleancontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-fl0f6.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-synch-l1-2-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\languages\is-jlara.tmp в %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-5nht1.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\is-hrblk.tmp в %ProgramFiles%\malwarebytes\anti-malware\licensecontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-gmu72.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbampt.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-0qip2.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbae.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-kq4i9.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamelam.sys
- %ProgramFiles%\malwarebytes\anti-malware\is-81sci.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamelam.cat
- %ProgramFiles%\malwarebytes\anti-malware\is-jult8.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamelam.inf
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-di9it.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\clean.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ugoae.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\prot.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ja7oe.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rdefs.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-tfpnk.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rules.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dbjho.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\scan.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fssbm.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\tids.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fhn1m.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\wprot2.mbdb
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-jedku.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\exclusions.txt
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dhsfc.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dynconfig.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-d93mp.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dbmanifest2.dat
- %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-i61c3.tmp в %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\mbdigsig2.dat
- %ProgramFiles%\malwarebytes\anti-malware\is-nqt7v.tmp в %ProgramFiles%\malwarebytes\anti-malware\pkgvers.dat
- %ProgramFiles%\malwarebytes\anti-malware\is-2hm9g.tmp в %ProgramFiles%\malwarebytes\anti-malware\version.dat
- %ProgramFiles%\malwarebytes\anti-malware\is-8a00e.tmp в %ProgramFiles%\malwarebytes\anti-malware\7z.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-5qmvd.tmp в %ProgramFiles%\malwarebytes\anti-malware\zlib.dll
- %ProgramFiles%\malwarebytes\anti-malware\pkgvers.dat в %ALLUSERSPROFILE%\malwarebytes\mbamservice\pkgvers.dat
- %ProgramFiles%\malwarebytes\anti-malware\version.dat в %ALLUSERSPROFILE%\malwarebytes\mbamservice\version.dat
- <DRIVERS>\set203c.tmp в <DRIVERS>\mbamswissarmy.sys
- %ProgramFiles%\malwarebytes\anti-malware\is-4foua.tmp в %ProgramFiles%\malwarebytes\anti-malware\selfprotectionsdk.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-jqdvd.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-synch-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-unjfd.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-sysinfo-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-s90ac.tmp в %ProgramFiles%\malwarebytes\anti-malware\rtpshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-jge5l.tmp в %ProgramFiles%\malwarebytes\anti-malware\policiescontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-vmfg8.tmp в %ProgramFiles%\malwarebytes\anti-malware\rtpcontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-ipstc.tmp в %ProgramFiles%\malwarebytes\anti-malware\scancontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-459ob.tmp в %ProgramFiles%\malwarebytes\anti-malware\telemetrycontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-b32tc.tmp в %ProgramFiles%\malwarebytes\anti-malware\aecontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-pm5ds.tmp в %ProgramFiles%\malwarebytes\anti-malware\updatecontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-ebhkh.tmp в %ProgramFiles%\malwarebytes\anti-malware\spcontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-80kr1.tmp в %ProgramFiles%\malwarebytes\anti-malware\actions.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-3abls.tmp в %ProgramFiles%\malwarebytes\anti-malware\actionsshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-nu7va.tmp в %ProgramFiles%\malwarebytes\anti-malware\browsersdkdll.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-stfuq.tmp в %ProgramFiles%\malwarebytes\anti-malware\browsersdkdllshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-pt4de.tmp в %ProgramFiles%\malwarebytes\anti-malware\aeshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-h5hcs.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbae64.dll
- <DRIVERS>\is-60rpb.tmp в <DRIVERS>\mbae64.sys
- %ProgramFiles%\malwarebytes\anti-malware\is-tn73v.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbae-api-na.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-8vsm9.tmp в %ProgramFiles%\malwarebytes\anti-malware\arwsdkshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-nd145.tmp в %ProgramFiles%\malwarebytes\anti-malware\arwlib.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-shq4n.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-psdfp.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamcore.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-0v5gb.tmp в %ProgramFiles%\malwarebytes\anti-malware\mwacsdkshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-v2q1e.tmp в %ProgramFiles%\malwarebytes\anti-malware\mwaclib.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-9omu5.tmp в %ProgramFiles%\malwarebytes\anti-malware\swissarmyshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-l7ui0.tmp в %ProgramFiles%\malwarebytes\anti-malware\swissarmy.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-8jreg.tmp в %ProgramFiles%\malwarebytes\anti-malware\rtp.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-edcij.tmp в %ProgramFiles%\malwarebytes\anti-malware\mwaccontrollerimpl.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-7b35t.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-string-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-66re8.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-rtlsupport-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-jdbl5.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-profile-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-k2vsv.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-7cvef.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-ecp5b.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmlsettingsplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0odjt.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\modelsplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-tlva0.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0foqm.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-gp5pd.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-q5hb5.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-7m8t8.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qtquickcontrolsplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-f9rlt.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-8hi8h.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qtquickextrasflatplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-ak6pq.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultcolordialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4a7le.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultdialogwrapper.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4hmpt.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfiledialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-do0jf.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfontdialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-p7g3j.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultmessagedialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-osu5b.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\dialogplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-s9f4d.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bd1f0.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-eeog8.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetcolordialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-uqsjm.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfiledialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-do8rh.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\scenegraph\is-dncgj.tmp в %ProgramFiles%\malwarebytes\anti-malware\scenegraph\qsgd3d12backend.dll
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-4t4ka.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
- <DRIVERS>\set7ced.tmp в <DRIVERS>\farflt.sys
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-oedn6.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfontdialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\platforms\is-5rsff.tmp в %ProgramFiles%\malwarebytes\anti-malware\platforms\qwindows.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-g7m0b.tmp в %ProgramFiles%\malwarebytes\anti-malware\suhlpr.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-fttie.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbam.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-mjto6.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-qnad3.tmp в %ProgramFiles%\malwarebytes\anti-malware\assistant.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-4jcev.tmp в %ProgramFiles%\malwarebytes\anti-malware\malwarebytes_assistant.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-gocmi.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbamwow.exe
- %ProgramFiles%\malwarebytes\anti-malware\is-bj3jm.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbshlext_proto
- %ProgramFiles%\malwarebytes\anti-malware\is-90apk.tmp в %ProgramFiles%\malwarebytes\anti-malware\mbcut.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-t4tsh.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5core.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-flh5d.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5gui.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-l339v.tmp в %ProgramFiles%\malwarebytes\anti-malware\changes.txt
- %ProgramFiles%\malwarebytes\anti-malware\is-3asl1.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5network.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-k0nrq.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5quick.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-rm6sq.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5svg.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-ulcgu.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5widgets.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-qbl1q.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5winextras.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-1j5ji.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-cmtue.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-2qrg5.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qml_winextras.dll
- %ProgramFiles%\malwarebytes\anti-malware\iconengines\is-t7ah0.tmp в %ProgramFiles%\malwarebytes\anti-malware\iconengines\qsvgicon.dll
- %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-3i5uf.tmp в %ProgramFiles%\malwarebytes\anti-malware\imageformats\qico.dll
- %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-so8g3.tmp в %ProgramFiles%\malwarebytes\anti-malware\imageformats\qsvg.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-rclj9.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt5qml.dll
- %ProgramFiles%\malwarebytes\anti-malware\styles\is-cs1bc.tmp в %ProgramFiles%\malwarebytes\anti-malware\styles\qwindowsvistastyle.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-ko6me.tmp в %ProgramFiles%\malwarebytes\anti-malware\selfprotectionshim.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-hsq3s.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetmessagedialog.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-09dnv.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\copy.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tq3gu.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-o4msj.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qtquick2plugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-magv4.tmp в %ProgramFiles%\malwarebytes\anti-malware\msvcp140.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-nbpl1.tmp в %ProgramFiles%\malwarebytes\anti-malware\vcruntime140.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-iocgr.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-4co35.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-2-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-gcs2u.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-datetime-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-1tan5.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-debug-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-8s16h.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-errorhandling-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-k5s6h.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-9406t.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-2-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-13da0.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l2-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-jljvn.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-handle-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-58nbh.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-heap-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-q7q2p.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-interlocked-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-6594a.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-libraryloader-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-jo3e6.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-localization-l1-2-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-6tqaq.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-memory-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-5jli9.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-namedpipe-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-tvhgp.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processenvironment-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-jl87l.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-0.dll
- %ProgramFiles%\malwarebytes\anti-malware\is-oboh6.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-1.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-m7ibi.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkers.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tn80r.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-brmr8.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkmark.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-iqj7m.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\windowplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-pgivk.tmp в %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-2haeq.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\critical.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-vol59.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\crosshairs.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8qap.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\information.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-8gagh.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\question.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-5pj0j.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\slider_handle.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ilrh3.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\sunken_frame.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ph44v.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\warning.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8dej.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\window_border.png
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-5lqtu.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\dialogsprivateplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-ot16r.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-bpn0l.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-vps3u.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\colorslider.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-dolvj.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\defaultwindowdecoration.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-4s127.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconbuttonstyle.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-krh8h.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconglyph.qml
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-p4669.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\icons.ttf
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-qdaib.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-3fj2v.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-8u2rb.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-r3jfd.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qquicklayoutsplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-8inmu.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\plugins.qmltypes
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-hbacs.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\qmldir
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-9v3bs.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\widgetsplugin.dll
- %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-vrr23.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\qmldir
- <DRIVERS>\set8103.tmp в <DRIVERS>\mwac.sys
Подменяет следующие файлы
- %TEMP%\is-mpdvc.tmp\mb-header100.bmp
- %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
Изменяет файл HOSTS.
Сетевая активность
Подключается к
- 'te######y.malwarebytes.com':443
- 'localhost':443
UDP
- DNS ASK te######y.malwarebytes.com
Другое
Добавляет корневой сертификат
Ищет следующие окна
- ClassName: 'EDIT' WindowName: ''
Создает и запускает на исполнение
- 'C:\gecici_proje_klasoru\si̇l.exe'
- 'C:\gecici_proje_klasoru\m.exe'
- 'C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\is-usgp0.tmp\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.tmp' /SL5="$D0214,63820596,239616,C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service
- '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe'
- '%ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe'
- 'C:\gecici_proje_klasoru\mçik.exe'
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\69BA.tmp\SГќL.bat C:\gecici_proje_klasoru\SIL.exe"' (со скрытым окном)
- '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\BaltimoreCyberTrustRoot.crt"' (со скрытым окном)
- '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\DigiCertEVRoot.crt"' (со скрытым окном)
- '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\DBBE.tmp\MГ‡IK.bat C:\gecici_proje_klasoru\MГ‡IK.exe"' (со скрытым окном)
Запускает на исполнение
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\69BA.tmp\SГќL.bat C:\gecici_proje_klasoru\SIL.exe"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 4
- '<SYSTEM32>\netsh.exe' advfirewall reset
- '<SYSTEM32>\attrib.exe' -r <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "keystone.mwbsys.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\BaltimoreCyberTrustRoot.crt"
- '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\DigiCertEVRoot.crt"
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\DBBE.tmp\MÇIK.bat C:\gecici_proje_klasoru\MÇIK.exe"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 30
