Trojan.Siggen27.6477

Added to the Dr.Web virus database: 2024-03-03

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [HKLM\Software\Classes\malwarebytes\shell\open\command] '' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\assistant.exe" -uri "%1"'
Sets the following service settings
  • [HKLM\System\CurrentControlSet\Services\MBAMService] 'ImagePath' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"'
  • [HKLM\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = 'system32\DRIVERS\mbamswissarmy.sys'
  • [HKLM\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = '<DRIVERS>\mbamswissarmy.sys'
Creates the following services
  • 'MBAMService' "%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"
  • 'MBAMService' %ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe
  • 'MBAMSwissArmy' system32\DRIVERS\mbamswissarmy.sys
  • 'MBAMSwissArmy' <DRIVERS>\mbamswissarmy.sys
Modifies file system
Creates the following files
Sets the 'hidden' attribute to the following files
  • C:\gecici_proje_klasoru\sc2.vbs
  • C:\gecici_proje_klasoru\d2.exe
  • C:\gecici_proje_klasoru\mbam remover 1102.exe
  • C:\gecici_proje_klasoru\d.exe
  • C:\gecici_proje_klasoru\m.exe
  • C:\gecici_proje_klasoru\setup.exe
  • C:\gecici_proje_klasoru\hosts.exe
  • C:\gecici_proje_klasoru\k.png
Deletes the following files
Moves the following files
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rfegg.tmp to %ProgramFiles%\malwarebytes\anti-malware\scancontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ddbpo.tmp to %ProgramFiles%\malwarebytes\anti-malware\telemetrycontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-mind8.tmp to %ProgramFiles%\malwarebytes\anti-malware\aecontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-49n8u.tmp to %ProgramFiles%\malwarebytes\anti-malware\updatecontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-cbrmj.tmp to %ProgramFiles%\malwarebytes\anti-malware\spcontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-2djb5.tmp to %ProgramFiles%\malwarebytes\anti-malware\actions.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-b1p39.tmp to %ProgramFiles%\malwarebytes\anti-malware\actionsshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-epbi2.tmp to %ProgramFiles%\malwarebytes\anti-malware\browsersdkdll.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-casb8.tmp to %ProgramFiles%\malwarebytes\anti-malware\browsersdkdllshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-e3ulf.tmp to %ProgramFiles%\malwarebytes\anti-malware\aeshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rsq5o.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae64.dll
  • from <DRIVERS>\is-q7r9f.tmp to <DRIVERS>\mbae64.sys
  • from %ProgramFiles%\malwarebytes\anti-malware\is-v2un8.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae-api-na.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-61d4d.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwsdkshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rsffe.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwlib.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-036ks.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-5nrna.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamcore.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-hdj7n.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwacsdkshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-fenf2.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwaclib.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-fntu2.tmp to %ProgramFiles%\malwarebytes\anti-malware\swissarmyshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-6vsuf.tmp to %ProgramFiles%\malwarebytes\anti-malware\cloudcontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-g5vpg.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwaccontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-lib48.tmp to %ProgramFiles%\malwarebytes\anti-malware\licensecontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-2o8pi.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-rtlsupport-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-valsm.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-profile-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-81p6u.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-1.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-tf60t.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-2gh2v.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-io8fg.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmlsettingsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-te5pd.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\modelsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-pra39.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-or0dr.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-mgs0r.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-6p9n5.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-sdrk9.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-ia8r1.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qtquickcontrolsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-e19so.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-4378v.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qtquickextrasflatplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-3ldbu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultdialogwrapper.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-oik76.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfiledialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-fug5j.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfontdialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-2p4ct.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultmessagedialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-2hrto.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\dialogplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-c3lf5.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-6ggog.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-heb2d.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetcolordialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-1thjl.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\styles\is-i7ck5.tmp to %ProgramFiles%\malwarebytes\anti-malware\styles\qwindowsvistastyle.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-rscmo.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultcolordialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\scenegraph\is-r0nkd.tmp to %ProgramFiles%\malwarebytes\anti-malware\scenegraph\qsgd3d12backend.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\platforms\is-3l1e3.tmp to %ProgramFiles%\malwarebytes\anti-malware\platforms\qwindows.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ns4r7.tmp to %ProgramFiles%\malwarebytes\anti-malware\changes.txt
  • from %ProgramFiles%\malwarebytes\anti-malware\is-tmlai.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbam.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-c33of.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-c4clb.tmp to %ProgramFiles%\malwarebytes\anti-malware\assistant.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-gp4ps.tmp to %ProgramFiles%\malwarebytes\anti-malware\malwarebytes_assistant.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-24vlo.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamwow.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-n1orf.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbshlext_proto
  • from %ProgramFiles%\malwarebytes\anti-malware\is-6rsr9.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbcut.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-nsnal.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5core.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-hg48l.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5gui.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-lmnkv.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5network.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rg6k7.tmp to %ProgramFiles%\malwarebytes\anti-malware\suhlpr.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-chu1q.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5qml.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-hlba0.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5svg.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-0j16o.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5widgets.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-mldhm.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5winextras.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-cadgk.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-bh0ki.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-mn8mh.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qml_winextras.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\iconengines\is-l737k.tmp to %ProgramFiles%\malwarebytes\anti-malware\iconengines\qsvgicon.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-rob1b.tmp to %ProgramFiles%\malwarebytes\anti-malware\imageformats\qico.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-e59n3.tmp to %ProgramFiles%\malwarebytes\anti-malware\imageformats\qsvg.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bqfs6.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfiledialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\is-gk1ea.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5quick.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-fqm6b.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfontdialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-phcr5.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-fu57d.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetmessagedialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-mtio4.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\windowplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-n49l4.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-31n99.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qtquick2plugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-vtjla.tmp to %ProgramFiles%\malwarebytes\anti-malware\msvcp140.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-a42lm.tmp to %ProgramFiles%\malwarebytes\anti-malware\vcruntime140.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-7nrcs.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-7p3b2.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-2-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-u9gla.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-datetime-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-b9n8p.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-debug-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-2pkbb.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-errorhandling-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-pspud.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-jt2st.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-2-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-mnoho.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l2-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-hvp78.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-handle-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-haakv.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-heap-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-llg4r.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-interlocked-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-vgrcc.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-libraryloader-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-1babc.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-localization-l1-2-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-19f4j.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-memory-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-f7gpr.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-namedpipe-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-h1hod.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processenvironment-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-nipme.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-tv2b8.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ei5jv.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkers.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-vv50o.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\is-5ioj6.tmp to %ProgramFiles%\malwarebytes\anti-malware\rtpshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\version.dat to %ALLUSERSPROFILE%\malwarebytes\mbamservice\version.dat
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-ntrd0.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-bh0rf.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\copy.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ocps3.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\critical.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-919ib.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\crosshairs.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-7it1v.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\information.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-2avha.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\question.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-8cp49.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\slider_handle.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-vj32b.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\sunken_frame.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-dcekr.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\warning.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-dghuk.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\window_border.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-0kpho.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\dialogsprivateplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-eipn0.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkmark.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-q2qsk.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-gj3e3.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\colorslider.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-kubq7.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\defaultwindowdecoration.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-ttse0.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconbuttonstyle.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-sup57.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconglyph.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-kg0ui.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\icons.ttf
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-9j8nf.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-f6rn7.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-r4v68.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-v0f2n.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qquicklayoutsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-urv77.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-koibb.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-4601a.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\plugins.qmltypes
  • from <DRIVERS>\set2480.tmp to <DRIVERS>\mbamswissarmy.sys
Substitutes the following files
  • %TEMP%\is-itaka.tmp\mb-header100.bmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
Modifies the HOSTS file.
Network activity
Connects to
  • 'te######y.malwarebytes.com':443
TCP
Other
  • 'te######y.malwarebytes.com':443
UDP
  • DNS ASK te######y.malwarebytes.com
Miscellaneous
Adds a root certificate
Searches for the following windows
  • ClassName: 'EDIT' WindowName: ''
Creates and executes the following
  • '<SYSTEM32>\wscript.exe' "C:\gecici_proje_klasoru\Sc2.vbs"
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service
  • '%TEMP%\is-5qqs2.tmp\setup.tmp' /SL5="$1B002A,63820596,239616,C:\gecici_proje_klasoru\Setup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
  • 'C:\gecici_proje_klasoru\setup.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
  • 'C:\gecici_proje_klasoru\m.exe'
  • 'C:\gecici_proje_klasoru\hosts.exe'
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe'
  • '<SYSTEM32>\wscript.exe' "C:\gecici_proje_klasoru\Sc2.vbs" /elevated
  • 'C:\gecici_proje_klasoru\mbam remover 1102.exe'
  • '%WINDIR%\syswow64\cmd.exe' /Q /C REG IMPORT "%TEMP%\bytyhfkm.reg" > NUL' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Durdur.exe"' (with hidden window)
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-ITAKA.tmp\DigiCertEVRoot.crt"' (with hidden window)
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-ITAKA.tmp\BaltimoreCyberTrustRoot.crt"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "\gecici_proje_klasoru"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Sc2.vbs"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "D1.exe"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /Q /C netsh advfirewall firewall delete rule name="Malwarebytes" > NUL' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "T.exe"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Hosts.exe"' (with hidden window)
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "TR.exe"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "K.png"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "MBAM Remover 1102.exe"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Setup.exe"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "D.exe"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "D2.exe"' (with hidden window)
  • '%WINDIR%\syswow64\cmd.exe' /Q /C RMDIR /S /Q "%ProgramFiles%\Malwarebytes\Anti-Malware" > NUL' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "K2.png"' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "M.exe"' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "\gecici_proje_klasoru"
  • '<SYSTEM32>\attrib.exe' +H +S "D1.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "Durdur.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "MBAM Remover 1102.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "D.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "M.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "TR.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "Hosts.exe"
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-ITAKA.tmp\BaltimoreCyberTrustRoot.crt"
  • '<SYSTEM32>\attrib.exe' +H +S "K2.png"
  • '<SYSTEM32>\attrib.exe' +H +S "K.png"
  • '%WINDIR%\syswow64\cmd.exe' /Q /C REG IMPORT "%TEMP%\bytyhfkm.reg" > NUL
  • '%WINDIR%\syswow64\reg.exe' IMPORT "%TEMP%\bytyhfkm.reg"
  • '%WINDIR%\syswow64\cmd.exe' /Q /C netsh advfirewall firewall delete rule name="Malwarebytes" > NUL
  • '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name="Malwarebytes"
  • '<SYSTEM32>\attrib.exe' +H +S "D2.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "Setup.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "T.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "D.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "\gecici_proje_klasoru"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Sc2.vbs"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "T.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "D1.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Durdur.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "D2.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Setup.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "K2.png"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "MBAM Remover 1102.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "Hosts.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "TR.exe"
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "M.exe"
  • '<SYSTEM32>\attrib.exe' +H +S "Sc2.vbs"
  • '%WINDIR%\syswow64\cmd.exe' /Q /C RMDIR /S /Q "%ProgramFiles%\Malwarebytes\Anti-Malware" > NUL
  • '<SYSTEM32>\cmd.exe' /Q /C attrib +H +S "K.png"
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-ITAKA.tmp\DigiCertEVRoot.crt"

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.