Trojan.Hosts.46996

Added to the Dr.Web virus database: 2019-11-30

Description added:

Technical information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\Software\Classes\malwarebytes\shell\open\command] '' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\assistant.exe" -uri "%1"'
Sets the following service settings
  • [<HKLM>\System\CurrentControlSet\Services\MBAMService] 'ImagePath' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = 'system32\DRIVERS\mbamswissarmy.sys'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = '<DRIVERS>\mbamswissarmy.sys'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMService] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMWebProtection] 'ImagePath' = 'system32\DRIVERS\mwac.sys'
  • [<HKLM>\System\CurrentControlSet\Services\ESProtectionDriver] 'Start' = '00000001'
  • [<HKLM>\System\CurrentControlSet\Services\ESProtectionDriver] 'ImagePath' = '<DRIVERS>\mbae64.sys'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMChameleon] 'Start' = '00000002'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMChameleon] 'ImagePath' = 'system32\DRIVERS\MbamChameleon.sys'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMFarflt] 'ImagePath' = 'system32\DRIVERS\farflt.sys'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMChameleon] 'ImagePath' = '<DRIVERS>\MbamChameleon.sys'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMProtection] 'ImagePath' = '<DRIVERS>\mbam.sys'
Creates the following services
  • 'MBAMService' "%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"
  • 'MBAMService' %ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe
  • 'MBAMSwissArmy' system32\DRIVERS\mbamswissarmy.sys
  • 'MBAMSwissArmy' <DRIVERS>\mbamswissarmy.sys
  • 'MBAMWebProtection' system32\DRIVERS\mwac.sys
  • 'ESProtectionDriver' <DRIVERS>\mbae64.sys
  • 'MBAMChameleon' system32\DRIVERS\MbamChameleon.sys
  • 'MBAMFarflt' system32\DRIVERS\farflt.sys
  • 'MBAMChameleon' <DRIVERS>\MbamChameleon.sys
  • 'MBAMProtection' <DRIVERS>\mbam.sys
Malicious functions
Executes the following
  • '<SYSTEM32>\taskkill.exe' /IM MBAMIService.exe /f
  • '<SYSTEM32>\taskkill.exe' /IM MBSetup.exe /f
  • '<SYSTEM32>\taskkill.exe' /IM MBAMInstallerService.exe /f
  • '<SYSTEM32>\netsh.exe' firewall set opmode enable
  • '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Malwarebytes" dir=out action=block program="%ProgramFiles%\Malwarebytes\Anti-Malware\MBAMService.exe"
Injects code into
the following user processes:
  • iexplore.exe
Hooks functions
in browsers
  • Process iexplore.exe, module urlmon.dll
  • Process iexplore.exe, module wininet.dll
  • Process firefox.exe, module urlmon.dll
  • Process firefox.exe, module wininet.dll
Registers a file system filter
  • [<HKLM>\System\CurrentControlSet\Services\MBAMChameleon] 'Group' = 'FSFilter Activity Monitor'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMFarflt] 'Group' = 'FSFilter Activity Monitor'
  • [<HKLM>\System\CurrentControlSet\Services\MBAMProtection] 'Group' = 'FSFilter Activity Monitor'
Changes in the file system
Creates the following files
Sets the 'hidden' attribute for the following files
  • <SYSTEM32>\catroot\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\mwac.cat
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\13dp6lbr\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\kgumxoox\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\fi13pldq\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\ucm3oxc1\desktop.ini
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
Deletes the following files
Moves the following files
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-clbq6.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\plugins.qmltypes
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-r0p7k.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\qmldir
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-1eh60.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\colorslider.qml
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-utp64.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\defaultwindowdecoration.qml
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-1eqg0.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconbuttonstyle.qml
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-gd7fl.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconglyph.qml
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-v9gl6.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\icons.ttf
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-1rfl2.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\qmldir
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-0o89o.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\plugins.qmltypes
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-sjvre.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qmldir
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-mevpj.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\warning.png
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-pcb76.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qquicklayoutsplugin.dll
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-cb4a7.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\qmldir
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-6f5op.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\widgetsplugin.dll
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-uva0p.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\plugins.qmltypes
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-n2o54.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\qmldir
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-sm384.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\windowplugin.dll
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-vmopb.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\plugins.qmltypes
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-m42qn.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qmldir
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-8bkpo.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qtquick2plugin.dll
  • %ProgramFiles%\malwarebytes\anti-malware\is-aale8.tmp в %ProgramFiles%\malwarebytes\anti-malware\msvcp140.dll
  • %ProgramFiles%\malwarebytes\anti-malware\is-a52iv.tmp в %ProgramFiles%\malwarebytes\anti-malware\vcruntime140.dll
  • %ProgramFiles%\malwarebytes\anti-malware\is-3bu1n.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-1-0.dll
  • %ProgramFiles%\malwarebytes\anti-malware\is-8rfvp.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-2-0.dll
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-t5o25.tmp в %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\plugins.qmltypes
  • %ProgramFiles%\malwarebytes\anti-malware\is-m4vbv.tmp в %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-math-l1-1-0.dll
  • %LOCALAPPDATA%\mbamtray\cache\qmlcache\3011392f12f3c5a120af563415ba0ad5059cda87.qmlc.riosyj в %LOCALAPPDATA%\mbamtray\cache\qmlcache\3011392f12f3c5a120af563415ba0ad5059cda87.qmlc
Substitutes the following files
  • %TEMP%\is-5nbtm.tmp\mb-header100.bmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\arw\arwfi.dat-journal
Modifies the HOSTS file.
Network activity
Connects to
  • 'te######y.malwarebytes.com':443
  • 'localhost':443
  • 'li###.#alwarebytes.com':443
  • 'pr######o.malwarebytes.com':443
  • 'ar#.#wbsys.com':443
TCP
Other
  • 'li###.#alwarebytes.com':443
  • 'pr######o.malwarebytes.com':443
  • 'ma####ebytes.com':443
  • 'ar#.#wbsys.com':443
UDP
  • DNS ASK te######y.malwarebytes.com
  • DNS ASK li###.#alwarebytes.com
  • DNS ASK pr######o.malwarebytes.com
  • DNS ASK ma####ebytes.com
  • DNS ASK ar#.#wbsys.com
Miscellaneous
Adds a root certificate
Searches for the following windows
  • ClassName: '' WindowName: ''
  • ClassName: 'EDIT' WindowName: ''
Creates and executes the following
  • 'C:\gecici_proje_klasoru\g.exe'
  • 'C:\gecici_proje_klasoru\m.exe'
  • 'C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
  • '%TEMP%\is-fskl4.tmp\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.tmp' /SL5="$D002A,63820596,239616,C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe'
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe'
  • 'C:\gecici_proje_klasoru\mbsetup_sib.exe' /S
  • '%TEMP%\mbsetup\mbsetup.exe'
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\EA0.tmp\G.bat C:\gecici_proje_klasoru\G.exe"' (with hidden window)
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-5NBTM.tmp\BaltimoreCyberTrustRoot.crt"' (with hidden window)
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-5NBTM.tmp\DigiCertEVRoot.crt"' (with hidden window)
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\EA0.tmp\G.bat C:\gecici_proje_klasoru\G.exe"
  • '<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1" /f
  • '<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" /f
  • '<SYSTEM32>\ping.exe' 127.0.0.1 -n 4
  • '<SYSTEM32>\netsh.exe' advfirewall reset
  • '<SYSTEM32>\attrib.exe' -r <DRIVERS>\etc\hosts
  • '<SYSTEM32>\find.exe' /C /I "keystone.mwbsys.com" <DRIVERS>\etc\hosts
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-5NBTM.tmp\BaltimoreCyberTrustRoot.crt"
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-5NBTM.tmp\DigiCertEVRoot.crt"
  • '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
  • '%WINDIR%\syswow64\ctfmon.exe'

Curing recommendations

  1. If the operating system can be booted (in normal mode or in safe mode), download the Dr.Web CureIt! curing utility and use it to run a full scan of your computer and of any removable media you use.
  2. If the operating system cannot be booted, change your computer's BIOS settings so that the PC can boot from a CD or a USB drive. Download the image of the Dr.Web® LiveDisk emergency system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding media. After booting the computer from this media, run a full scan and cure the detected threats.

Run a full system scan using Dr.Web Light Anti-virus for macOS. This product can be downloaded from the official Apple App Store site.

On the booted OS, run a full scan of all disk partitions using Dr.Web Anti-virus for Linux.


  1. If the mobile device is operating normally, download and install the free anti-virus product Dr.Web for Android Light on it. Run a full system scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device has been locked by a ransomware trojan of the Android.Locker family (the screen shows an accusation of breaking the law, a demand to pay a certain sum of money, or another message that prevents normal use of the device), do the following:
    • boot your smartphone or tablet in safe mode (depending on the operating system version and the specifics of the particular mobile device, this procedure can be performed in different ways; for details, consult the manual supplied with the device or contact its manufacturer directly);
    • once safe mode is active, install the free anti-virus product Dr.Web for Android Light on the infected device and run a full system scan, following the recommendations for neutralizing the detected threats;
    • switch the device off and turn it on again in normal mode.
