Trojan.MulDrop11.31275

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKLM>\Software\Classes\malwarebytes\shell\open\command] '' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\assistant.exe" -uri "%1"'

Sets the following service settings

[<HKLM>\System\CurrentControlSet\Services\MBAMService] 'ImagePath' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"'
[<HKLM>\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = 'system32\DRIVERS\mbamswissarmy.sys'
[<HKLM>\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = '<DRIVERS>\mbamswissarmy.sys'
[<HKLM>\System\CurrentControlSet\Services\MBAMService] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\MBAMFarflt] 'ImagePath' = 'system32\DRIVERS\farflt.sys'

Creates the following services

'MBAMService' "%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"
'MBAMService' %ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe
'MBAMSwissArmy' system32\DRIVERS\mbamswissarmy.sys
'MBAMSwissArmy' <DRIVERS>\mbamswissarmy.sys
'MBAMFarflt' system32\DRIVERS\farflt.sys

Malicious functions

Executes the following

'<SYSTEM32>\netsh.exe' firewall set opmode enable
'<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="Malwarebytes" dir=out action=block program="%ProgramFiles%\Malwarebytes\Anti-Malware\MBAMService.exe"

Registers file system filter

[<HKLM>\System\CurrentControlSet\Services\MBAMFarflt] 'Group' = 'FSFilter Activity Monitor'

Modifies file system

Creates the following files

%TEMP%\aut190c.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ugoae.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-di9it.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-jult8.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-81sci.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-kq4i9.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-0qip2.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-gmu72.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-4foua.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-8jreg.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-tfpnk.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-s90ac.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-l7ui0.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-9omu5.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-v2q1e.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-0v5gb.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-psdfp.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-shq4n.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-ko6me.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-459ob.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dbjho.tmp
%ProgramFiles%\malwarebytes\anti-malware\serviceconfig.json
%TEMP%\mb_errors2656.log
%TEMP%\is-mpdvc.tmp\digicertevroot.crt
%TEMP%\is-mpdvc.tmp\baltimorecybertrustroot.crt
%ProgramFiles%\malwarebytes\anti-malware\unins000.dat
%ProgramFiles%\malwarebytes\anti-malware\unins000.msg
C:\users\public\desktop\malwarebytes.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\malwarebytes\uninstall malwarebytes.lnk
%ProgramFiles%\malwarebytes\anti-malware\is-nd145.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ja7oe.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-8a00e.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-2hm9g.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-nqt7v.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-i61c3.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-d93mp.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dhsfc.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-jedku.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fhn1m.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-5qmvd.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fssbm.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-8vsm9.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-tn73v.tmp
<DRIVERS>\is-60rpb.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-pkc79.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-3r2aq.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-3n6li.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-r14vi.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-sc2h7.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-n3qt0.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-edh7d.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-27c25.tmp
%ProgramFiles%\malwarebytes\anti-malware\serviceconfig.json.bak
%ProgramFiles%\malwarebytes\anti-malware\languages\is-871mv.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-1rn19.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-t6qft.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-sheag.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-1ufcs.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-do1tc.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-dqte4.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-uocgb.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-k2851.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-snuhh.tmp
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\malwarebytes\malwarebytes.lnk
%ProgramFiles%\malwarebytes\anti-malware\languages\is-rttlg.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-05ub2.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-elq1f.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-h5hcs.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-pt4de.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-stfuq.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-nu7va.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-3abls.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-80kr1.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-ebhkh.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-l42th.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-pm5ds.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-q9kpa.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-ipstc.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-vmfg8.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-jge5l.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-edcij.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-hrblk.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-c1g5m.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-hsqku.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-b32tc.tmp
%ProgramFiles%\malwarebytes\anti-malware\securityproductinformation.ini
%ALLUSERSPROFILE%\malwarebytes\mbamservice\prot.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\rdefs.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\spconfigfile.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\aeconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\aeconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\arwcontrollerconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\arwcontrollerconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\spconfigfile.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\mwaccontrollerconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\mwaccontrollerconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161426620-ntuser.dat
%ProgramFiles%\malwarebytes\anti-malware\languages\is-sqtq1.tmp
%LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
%ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.tmf
%ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.cat
%ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.inf
%ProgramFiles%\malwarebytes\anti-malware\sdk\mwac.sys
%ALLUSERSPROFILE%\malwarebytes\mbamservice\logs\mbae-default.log
<DRIVERS>\set7ced.tmp
%ProgramFiles%\malwarebytes\anti-malware\sdk\farflt.cat
%ProgramFiles%\malwarebytes\anti-malware\sdk\farflt.inf
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat.log1
%ProgramFiles%\malwarebytes\anti-malware\sdk\farflt.sys
%LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
%APPDATA%\microsoft\windows\cookies\low\index.dat
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\2hnmy0jl\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\hl8oye8o\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\21objmam\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\x9xiid05\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
%LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
%ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.tmf
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemctrlconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\irisdata.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\updatecontrollerconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\updatecontrollerconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\licenseconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\licenseconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\logs\mbamservice.log
%ProgramFiles%\malwarebytes\anti-malware\mbshlext.dll
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\policiesconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cloudconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\policiesconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\dbmanifest2.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\dynconfig.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\exclusions.txt
%ALLUSERSPROFILE%\malwarebytes\mbamservice\clean.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\wprot2.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tids.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\scan.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\rules.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\mbdigsig2.dat
%ProgramFiles%\malwarebytes\anti-malware\sdk\mbamchameleon.sys
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemctrlconfig.json.bak
%WINDIR%\temp\udd2be0.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\rtpconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\rtpconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat.log1
<DRIVERS>\set203c.tmp
%ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.cat
%ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.inf
%ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.sys
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\scanconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\scanconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cleancontrollerconfig.json.bak
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cleancontrollerconfig.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemetry.json
%ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cloudconfig.json.bak
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
%ProgramFiles%\malwarebytes\anti-malware\languages\is-jelm2.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-vr5a6.tmp
%ProgramFiles%\malwarebytes\anti-malware\iconengines\is-t7ah0.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-2qrg5.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-cmtue.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-1j5ji.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-qbl1q.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-ulcgu.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-rm6sq.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-k0nrq.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-3asl1.tmp
%ProgramFiles%\malwarebytes\anti-malware\imageformats\is-so8g3.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-flh5d.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-t4tsh.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-90apk.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-bj3jm.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-gocmi.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-4jcev.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-qnad3.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-rclj9.tmp
%TEMP%\is-mpdvc.tmp\innocallback.dll
%ProgramFiles%\malwarebytes\anti-malware\platforms\is-5rsff.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4hmpt.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4a7le.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-ak6pq.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-8hi8h.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-f9rlt.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-7m8t8.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-q5hb5.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-gp5pd.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-mjto6.tmp
%ProgramFiles%\malwarebytes\anti-malware\imageformats\is-3i5uf.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0odjt.tmp
%ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-ecp5b.tmp
%ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-7cvef.tmp
%ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-k2vsv.tmp
%ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-4t4ka.tmp
%ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-pgivk.tmp
%ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-do8rh.tmp
%ProgramFiles%\malwarebytes\anti-malware\styles\is-cs1bc.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-tlva0.tmp
%ProgramFiles%\malwarebytes\anti-malware\scenegraph\is-dncgj.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-fttie.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-g7m0b.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-l339v.tmp
C:\gecici_proje_klasoru\e.link.exe
C:\gecici_proje_klasoru\r.reg
%TEMP%\aut5f85.tmp
C:\gecici_proje_klasoru\mГ§ik.exe
%TEMP%\aut58d0.tmp
C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe
%TEMP%\aut4417.tmp
C:\gecici_proje_klasoru\m.exe
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-do0jf.tmp
C:\gecici_proje_klasoru\si̇l.bat
%TEMP%\aut4000.tmp
C:\gecici_proje_klasoru\2.exe
%TEMP%\aut3101.tmp
C:\gecici_proje_klasoru\1.exe
%TEMP%\aut1b01.tmp
C:\gecici_proje_klasoru\klp.png
%TEMP%\aut1a06.tmp
C:\gecici_proje_klasoru\grey.gif
%TEMP%\aut4261.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0foqm.tmp
%TEMP%\aut6236.tmp
nul
C:\gecici_proje_klasoru\si̇l.exe
%ProgramFiles%\malwarebytes\anti-malware\is-8s61o.tmp
%TEMP%\is-mpdvc.tmp\mb-header-options100.bmp
%TEMP%\is-mpdvc.tmp\mb-work-image100.bmp
%TEMP%\is-mpdvc.tmp\mb-personal-image100.bmp
%TEMP%\is-mpdvc.tmp\mb-header100.bmp
%TEMP%\is-mpdvc.tmp\malwarebytes_privacypolicy.htm
%TEMP%\is-mpdvc.tmp\malwarebytes_enduserlicenseagreement.htm
%TEMP%\69ba.tmp\sГЅl.bat
%TEMP%\is-mpdvc.tmp\languages.txt
%TEMP%\aut60dd.tmp
%TEMP%\is-mpdvc.tmp\suhlpr.dll
%TEMP%\is-mpdvc.tmp\_isetup\_shfoldr.dll
%TEMP%\is-mpdvc.tmp\_isetup\_setup64.tmp
%TEMP%\setup log 2021-06-07 #001.txt
%TEMP%\is-usgp0.tmp\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.tmp
%ALLUSERSPROFILE%\mb2migration\exclusions.dat
%ALLUSERSPROFILE%\mb2migration\configuration\license.conf
%TEMP%\mb_setup2060.log
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-p7g3j.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-osu5b.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-s9f4d.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-fl0f6.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-jqdvd.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-7b35t.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-66re8.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-jdbl5.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-oboh6.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-jl87l.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-tvhgp.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-unjfd.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-5jli9.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-jo3e6.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-6594a.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-q7q2p.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-58nbh.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-jljvn.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-13da0.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-9406t.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-k5s6h.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-6tqaq.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-37ugi.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-jlara.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-6e184.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-2mapd.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-ur1ku.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-lvk7m.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-e6qe3.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-2ef1r.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-hi7c1.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-aceln.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-lsqhg.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-8s16h.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-j38tg.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-pmt9k.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-7rhcg.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-dr0qn.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-f6qbq.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-6h2bm.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-85tqa.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-qtrbm.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-l2jr0.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-pib6l.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-9v3bs.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-1tan5.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-dolvj.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-ot16r.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-5lqtu.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8dej.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ph44v.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ilrh3.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-5pj0j.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-8gagh.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8qap.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-bpn0l.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-vol59.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-09dnv.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-brmr8.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-m7ibi.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-hsq3s.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-oedn6.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-uqsjm.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-eeog8.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bd1f0.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-2haeq.tmp
%ProgramFiles%\malwarebytes\anti-malware\languages\is-o3ur1.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-4co35.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-4s127.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-iocgr.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-nbpl1.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-magv4.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-o4msj.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tq3gu.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tn80r.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-iqj7m.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-vrr23.tmp
%ProgramFiles%\malwarebytes\anti-malware\is-gcs2u.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-5nht1.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-hbacs.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-8inmu.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-r3jfd.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-8u2rb.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-3fj2v.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-qdaib.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-p4669.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-krh8h.tmp
%ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-vps3u.tmp
<DRIVERS>\set8103.tmp

Sets the 'hidden' attribute to the following files

%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\x9xiid05\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\21objmam\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\hl8oye8o\desktop.ini
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\2hnmy0jl\desktop.ini
%LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini

Deletes the following files

%TEMP%\aut190c.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161404575-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161404653-usrclass.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161413890-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161413921-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-06072021161413983-ntuser.dat.log1
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat.log1
%TEMP%\is-mpdvc.tmp\_isetup\_shfoldr.dll
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-usrclass.dat.log1
%ALLUSERSPROFILE%\mb2migration\configuration\license.conf
%ALLUSERSPROFILE%\mb2migration\exclusions.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161426620-ntuser.dat
%TEMP%\is-mpdvc.tmp\baltimorecybertrustroot.crt
%TEMP%\is-mpdvc.tmp\digicertevroot.crt
%TEMP%\is-mpdvc.tmp\innocallback.dll
%TEMP%\is-mpdvc.tmp\languages.txt
%TEMP%\is-mpdvc.tmp\malwarebytes_enduserlicenseagreement.htm
%TEMP%\is-mpdvc.tmp\malwarebytes_privacypolicy.htm
%TEMP%\is-mpdvc.tmp\suhlpr.dll
%TEMP%\is-mpdvc.tmp\_isetup\_setup64.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-06072021161404481-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1960123792-2022915161-3775307078-1001-06072021161414077-ntuser.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat.log1
%TEMP%\is-mpdvc.tmp\mb-header-options100.bmp
%TEMP%\aut1a06.tmp
%TEMP%\aut1b01.tmp
%TEMP%\aut3101.tmp
%TEMP%\aut4000.tmp
%TEMP%\aut4261.tmp
%TEMP%\aut4417.tmp
%TEMP%\aut58d0.tmp
%TEMP%\aut5f85.tmp
%TEMP%\aut60dd.tmp
%TEMP%\aut6236.tmp
%TEMP%\is-mpdvc.tmp\mb-header100.bmp
%TEMP%\is-mpdvc.tmp\mb-personal-image100.bmp
%TEMP%\is-mpdvc.tmp\mb-work-image100.bmp
%ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
%WINDIR%\temp\udd2be0.tmp
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\clean.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dbmanifest2.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dynconfig.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\exclusions.txt
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\mbdigsig2.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\prot.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rdefs.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rules.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\scan.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\tids.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\wprot2.mbdb
%ALLUSERSPROFILE%\malwarebytes\mbamservice\pkgvers.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\version.dat
%ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-06072021161404450-ntuser.dat
%TEMP%\is-usgp0.tmp\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.tmp

Moves the following files

from %ProgramFiles%\malwarebytes\anti-malware\is-8s61o.tmp to %ProgramFiles%\malwarebytes\anti-malware\unins000.exe
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-uocgb.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pl.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-dqte4.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pt_br.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-do1tc.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pt_pt.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-1ufcs.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ru.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-t6qft.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sv.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-1rn19.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_da.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-pkc79.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_no.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-snuhh.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_fi.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-27c25.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ja.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-sqtq1.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_it.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-k2851.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_nl.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-edh7d.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_hu.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-r14vi.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ko.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-3n6li.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ro.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-3r2aq.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_hr.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-q9kpa.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sl.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-871mv.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sk.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-rttlg.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_bg.qm
from %ProgramFiles%\malwarebytes\anti-malware\is-elq1f.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamwsc.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-l42th.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-05ub2.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwcontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-n3qt0.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_cs.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-sc2h7.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_zh_tw.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-jelm2.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_fr.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-o3ur1.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_de.qm
from %ProgramFiles%\malwarebytes\anti-malware\is-c1g5m.tmp to %ProgramFiles%\malwarebytes\anti-malware\cloudcontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-pib6l.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-timezone-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-vr5a6.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-util-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-6e184.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-xstate-l2-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-l2jr0.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-conio-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-qtrbm.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-convert-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-85tqa.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-environment-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-6h2bm.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-filesystem-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-f6qbq.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-heap-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-dr0qn.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-locale-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-7rhcg.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-math-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-pmt9k.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-multibyte-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-37ugi.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-private-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-j38tg.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-process-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-lsqhg.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-runtime-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-aceln.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-stdio-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-hi7c1.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-string-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-2ef1r.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-time-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-e6qe3.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-utility-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-lvk7m.tmp to %ProgramFiles%\malwarebytes\anti-malware\ucrtbase.dll
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-ur1ku.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_en_gb.qm
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-2mapd.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_en_us.qm
from %ProgramFiles%\malwarebytes\anti-malware\is-hsqku.tmp to %ProgramFiles%\malwarebytes\anti-malware\cleancontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-fl0f6.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-synch-l1-2-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\languages\is-jlara.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-5nht1.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\is-hrblk.tmp to %ProgramFiles%\malwarebytes\anti-malware\licensecontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-gmu72.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbampt.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-0qip2.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-kq4i9.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamelam.sys
from %ProgramFiles%\malwarebytes\anti-malware\is-81sci.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamelam.cat
from %ProgramFiles%\malwarebytes\anti-malware\is-jult8.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamelam.inf
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-di9it.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\clean.mbdb
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ugoae.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\prot.mbdb
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ja7oe.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rdefs.mbdb
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-tfpnk.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rules.mbdb
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dbjho.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\scan.mbdb
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fssbm.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\tids.mbdb
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-fhn1m.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\wprot2.mbdb
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-jedku.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\exclusions.txt
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-dhsfc.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dynconfig.dat
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-d93mp.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dbmanifest2.dat
from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-i61c3.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\mbdigsig2.dat
from %ProgramFiles%\malwarebytes\anti-malware\is-nqt7v.tmp to %ProgramFiles%\malwarebytes\anti-malware\pkgvers.dat
from %ProgramFiles%\malwarebytes\anti-malware\is-2hm9g.tmp to %ProgramFiles%\malwarebytes\anti-malware\version.dat
from %ProgramFiles%\malwarebytes\anti-malware\is-8a00e.tmp to %ProgramFiles%\malwarebytes\anti-malware\7z.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-5qmvd.tmp to %ProgramFiles%\malwarebytes\anti-malware\zlib.dll
from %ProgramFiles%\malwarebytes\anti-malware\pkgvers.dat to %ALLUSERSPROFILE%\malwarebytes\mbamservice\pkgvers.dat
from %ProgramFiles%\malwarebytes\anti-malware\version.dat to %ALLUSERSPROFILE%\malwarebytes\mbamservice\version.dat
from <DRIVERS>\set203c.tmp to <DRIVERS>\mbamswissarmy.sys
from %ProgramFiles%\malwarebytes\anti-malware\is-4foua.tmp to %ProgramFiles%\malwarebytes\anti-malware\selfprotectionsdk.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-jqdvd.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-synch-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-unjfd.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-sysinfo-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-s90ac.tmp to %ProgramFiles%\malwarebytes\anti-malware\rtpshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-jge5l.tmp to %ProgramFiles%\malwarebytes\anti-malware\policiescontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-vmfg8.tmp to %ProgramFiles%\malwarebytes\anti-malware\rtpcontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-ipstc.tmp to %ProgramFiles%\malwarebytes\anti-malware\scancontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-459ob.tmp to %ProgramFiles%\malwarebytes\anti-malware\telemetrycontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-b32tc.tmp to %ProgramFiles%\malwarebytes\anti-malware\aecontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-pm5ds.tmp to %ProgramFiles%\malwarebytes\anti-malware\updatecontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-ebhkh.tmp to %ProgramFiles%\malwarebytes\anti-malware\spcontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-80kr1.tmp to %ProgramFiles%\malwarebytes\anti-malware\actions.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-3abls.tmp to %ProgramFiles%\malwarebytes\anti-malware\actionsshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-nu7va.tmp to %ProgramFiles%\malwarebytes\anti-malware\browsersdkdll.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-stfuq.tmp to %ProgramFiles%\malwarebytes\anti-malware\browsersdkdllshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-pt4de.tmp to %ProgramFiles%\malwarebytes\anti-malware\aeshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-h5hcs.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae64.dll
from <DRIVERS>\is-60rpb.tmp to <DRIVERS>\mbae64.sys
from %ProgramFiles%\malwarebytes\anti-malware\is-tn73v.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae-api-na.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-8vsm9.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwsdkshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-nd145.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwlib.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-shq4n.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-psdfp.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamcore.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-0v5gb.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwacsdkshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-v2q1e.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwaclib.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-9omu5.tmp to %ProgramFiles%\malwarebytes\anti-malware\swissarmyshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-l7ui0.tmp to %ProgramFiles%\malwarebytes\anti-malware\swissarmy.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-8jreg.tmp to %ProgramFiles%\malwarebytes\anti-malware\rtp.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-edcij.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwaccontrollerimpl.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-7b35t.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-string-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-66re8.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-rtlsupport-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-jdbl5.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-profile-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-k2vsv.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-7cvef.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-ecp5b.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmlsettingsplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0odjt.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\modelsplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-tlva0.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-0foqm.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-gp5pd.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-q5hb5.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-7m8t8.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qtquickcontrolsplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-f9rlt.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-8hi8h.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qtquickextrasflatplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-ak6pq.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultcolordialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4a7le.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultdialogwrapper.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-4hmpt.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfiledialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-do0jf.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfontdialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-p7g3j.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultmessagedialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-osu5b.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\dialogplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-s9f4d.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bd1f0.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-eeog8.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetcolordialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-uqsjm.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfiledialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-do8rh.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\scenegraph\is-dncgj.tmp to %ProgramFiles%\malwarebytes\anti-malware\scenegraph\qsgd3d12backend.dll
from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-4t4ka.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
from <DRIVERS>\set7ced.tmp to <DRIVERS>\farflt.sys
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-oedn6.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfontdialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\platforms\is-5rsff.tmp to %ProgramFiles%\malwarebytes\anti-malware\platforms\qwindows.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-g7m0b.tmp to %ProgramFiles%\malwarebytes\anti-malware\suhlpr.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-fttie.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbam.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-mjto6.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-qnad3.tmp to %ProgramFiles%\malwarebytes\anti-malware\assistant.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-4jcev.tmp to %ProgramFiles%\malwarebytes\anti-malware\malwarebytes_assistant.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-gocmi.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamwow.exe
from %ProgramFiles%\malwarebytes\anti-malware\is-bj3jm.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbshlext_proto
from %ProgramFiles%\malwarebytes\anti-malware\is-90apk.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbcut.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-t4tsh.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5core.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-flh5d.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5gui.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-l339v.tmp to %ProgramFiles%\malwarebytes\anti-malware\changes.txt
from %ProgramFiles%\malwarebytes\anti-malware\is-3asl1.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5network.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-k0nrq.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5quick.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-rm6sq.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5svg.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-ulcgu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5widgets.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-qbl1q.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5winextras.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-1j5ji.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-cmtue.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-2qrg5.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qml_winextras.dll
from %ProgramFiles%\malwarebytes\anti-malware\iconengines\is-t7ah0.tmp to %ProgramFiles%\malwarebytes\anti-malware\iconengines\qsvgicon.dll
from %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-3i5uf.tmp to %ProgramFiles%\malwarebytes\anti-malware\imageformats\qico.dll
from %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-so8g3.tmp to %ProgramFiles%\malwarebytes\anti-malware\imageformats\qsvg.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-rclj9.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5qml.dll
from %ProgramFiles%\malwarebytes\anti-malware\styles\is-cs1bc.tmp to %ProgramFiles%\malwarebytes\anti-malware\styles\qwindowsvistastyle.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-ko6me.tmp to %ProgramFiles%\malwarebytes\anti-malware\selfprotectionshim.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-hsq3s.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetmessagedialog.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-09dnv.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\copy.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tq3gu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-o4msj.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qtquick2plugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-magv4.tmp to %ProgramFiles%\malwarebytes\anti-malware\msvcp140.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-nbpl1.tmp to %ProgramFiles%\malwarebytes\anti-malware\vcruntime140.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-iocgr.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-4co35.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-2-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-gcs2u.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-datetime-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-1tan5.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-debug-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-8s16h.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-errorhandling-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-k5s6h.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-9406t.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-2-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-13da0.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l2-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-jljvn.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-handle-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-58nbh.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-heap-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-q7q2p.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-interlocked-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-6594a.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-libraryloader-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-jo3e6.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-localization-l1-2-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-6tqaq.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-memory-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-5jli9.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-namedpipe-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-tvhgp.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processenvironment-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-jl87l.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-0.dll
from %ProgramFiles%\malwarebytes\anti-malware\is-oboh6.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-1.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-m7ibi.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkers.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-tn80r.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-brmr8.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkmark.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-iqj7m.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\windowplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-pgivk.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-2haeq.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\critical.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-vol59.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\crosshairs.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8qap.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\information.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-8gagh.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\question.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-5pj0j.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\slider_handle.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ilrh3.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\sunken_frame.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-ph44v.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\warning.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-f8dej.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\window_border.png
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-5lqtu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\dialogsprivateplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-ot16r.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-bpn0l.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-vps3u.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\colorslider.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-dolvj.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\defaultwindowdecoration.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-4s127.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconbuttonstyle.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-krh8h.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconglyph.qml
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-p4669.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\icons.ttf
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-qdaib.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-3fj2v.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-8u2rb.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-r3jfd.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qquicklayoutsplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-8inmu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\plugins.qmltypes
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-hbacs.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\qmldir
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-9v3bs.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\widgetsplugin.dll
from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-vrr23.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\qmldir
from <DRIVERS>\set8103.tmp to <DRIVERS>\mwac.sys

Substitutes the following files

%TEMP%\is-mpdvc.tmp\mb-header100.bmp
%ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm

Modifies the HOSTS file.

Network activity

Connects to

'te######y.malwarebytes.com':443
'localhost':443

UDP

DNS ASK te######y.malwarebytes.com

Miscellaneous

Adds a root certificate

Searches for the following windows

ClassName: 'EDIT' WindowName: ''

Creates and executes the following

'C:\gecici_proje_klasoru\si̇l.exe'
'C:\gecici_proje_klasoru\m.exe'
'C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
'%TEMP%\is-usgp0.tmp\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.tmp' /SL5="$D0214,63820596,239616,C:\gecici_proje_klasoru\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11402.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
'%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service
'%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe'
'%ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe'
'C:\gecici_proje_klasoru\mГ§ik.exe'
'<SYSTEM32>\cmd.exe' /c "%TEMP%\69BA.tmp\SГќL.bat C:\gecici_proje_klasoru\SIL.exe"' (with hidden window)
'<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\BaltimoreCyberTrustRoot.crt"' (with hidden window)
'<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\DigiCertEVRoot.crt"' (with hidden window)
'%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "%TEMP%\DBBE.tmp\MГ‡IK.bat C:\gecici_proje_klasoru\MГ‡IK.exe"' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c "%TEMP%\69BA.tmp\SГќL.bat C:\gecici_proje_klasoru\SIL.exe"
'<SYSTEM32>\ping.exe' 127.0.0.1 -n 4
'<SYSTEM32>\netsh.exe' advfirewall reset
'<SYSTEM32>\attrib.exe' -r <DRIVERS>\etc\hosts
'<SYSTEM32>\find.exe' /C /I "keystone.mwbsys.com" <DRIVERS>\etc\hosts
'<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\BaltimoreCyberTrustRoot.crt"
'<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-MPDVC.tmp\DigiCertEVRoot.crt"
'%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
'<SYSTEM32>\cmd.exe' /c "%TEMP%\DBBE.tmp\MГ‡IK.bat C:\gecici_proje_klasoru\MГ‡IK.exe"
'<SYSTEM32>\ping.exe' 127.0.0.1 -n 30

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial