PARA USUARIOS

Cerrar

Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Buscar
Buscar

Soporte
Soporte 24 horas | Normas de contactar

Escribir

una solicitud al rellenar un formulario

Llamar

+7 (495) 789-45-86

Foro

Sus solicitudes

Crear una nueva solicitud

Llamar

+7 (495) 789-45-86

Perfil

ES

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Cerrar
Servicios
Escáneres
Dr.Web vxCube
Demo
Biblioteca de virus
Base de conocimiento

Tecnologías

Términos

Formación y educación

Mitos

Noticias

Trojan.Siggen21.29081

Added to the Dr.Web virus database: 2023-09-15

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [HKLM\Software\Classes\malwarebytes\shell\open\command] '' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\assistant.exe" -uri "%1"'
Sets the following service settings
  • [HKLM\System\CurrentControlSet\Services\MBAMService] 'ImagePath' = '"%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"'
  • [HKLM\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = 'system32\DRIVERS\mbamswissarmy.sys'
  • [HKLM\System\CurrentControlSet\Services\MBAMSwissArmy] 'ImagePath' = '<DRIVERS>\mbamswissarmy.sys'
  • [HKLM\System\CurrentControlSet\Services\MBAMService] 'Start' = '00000002'
Creates the following services
  • 'MBAMService' "%ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe"
  • 'MBAMService' %ProgramFiles%\Malwarebytes\Anti-Malware\mbamservice.exe
  • 'MBAMSwissArmy' system32\DRIVERS\mbamswissarmy.sys
  • 'MBAMSwissArmy' <DRIVERS>\mbamswissarmy.sys
Malicious functions
Hooks functions
in browsers
  • firefox.exe process, wininet.dll module
  • firefox.exe process, urlmon.dll module
Modifies file system
Creates the following files
  • %TEMP%\43wy8996.bat
  • %ProgramFiles%\malwarebytes\anti-malware\is-q1965.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-vmfpl.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-s837p.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-fu6j2.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-ja9cp.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-dcf5v.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-3g2vl.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-4gi18.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-hapg7.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-k9382.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-9kq0k.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-d0l51.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-6rbvn.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-db7m5.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-notag.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-8krj0.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-af3ui.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-km8ah.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-eosjv.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-t8tr3.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-94f3v.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-38j3d.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-lrn5f.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-0cju2.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-bn7gr.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-9buvr.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-n796e.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-f6atq.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-fv1tu.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-0deiq.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-740fk.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-769c8.tmp
  • <DRIVERS>\is-scfnq.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-j6cfp.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-rr2u1.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-et95a.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-gjbn1.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-8prh1.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-e42ms.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-dn5t9.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-rm6iq.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-cdgkp.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-ccljd.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-pt2cd.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-165me.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-594ta.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-3uv0u.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-q3aet.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-b1fr5.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-u9rrq.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-c76cb.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-favr7.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-d3a32.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-36sv8.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-av1vs.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-lkf59.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-jfe51.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-l3j9q.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-e9q6k.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-45v01.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-1qbqv.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-uhrvj.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-ul1jj.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-p0aie.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-pugel.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-7fda5.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-tlus0.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-ubo0n.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-f6qp3.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-18k57.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-js493.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-lksj4.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-o8r3p.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-3qmli.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-orpo6.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-5eulu.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-6pc64.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-k5t15.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-rv21u.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-khrb3.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-5cd31.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\is-hrfd9.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-tgi2v.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-ne73i.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-0ilfn.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-rdrbj.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-t4ov7.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-jleg7.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-b7ljl.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-um5bd.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-9qg5d.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-i8i8e.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-gikt3.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-ddqls.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-70btm.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-29r7g.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-7epua.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-bce8a.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-qn1kc.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-7kosk.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-qepdh.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-in2jv.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-7k9pn.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-fq851.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-2pn9o.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-cq4h6.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-jir0k.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190013173-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190012738-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-usrclass.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190013769-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190013173-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190012738-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\rtpconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\rtpconfig.json
  • %WINDIR%\temp\udde9f1.tmp
  • <DRIVERS>\sete57e.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.tmf
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.cat
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.inf
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamswissarmy.sys
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\scanconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\scanconfig.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cleancontrollerconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cleancontrollerconfig.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemetry.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemctrlconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\telemctrlconfig.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cloudconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190013769-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-usrclass.dat.log1
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-2vaei.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\mwaccontrollerconfig.json
  • %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
  • <DRIVERS>\set63b3.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamchameleon.tmf
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamchameleon.cat
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamchameleon.inf
  • %ProgramFiles%\malwarebytes\anti-malware\sdk\mbamchameleon.sys
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\spconfigfile.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\spconfigfile.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\aeconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\aeconfig.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\arwcontrollerconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\arwcontrollerconfig.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-usrclass.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190025456-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190022104-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190021544-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-usrclass.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190025456-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190022104-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190021544-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\mwaccontrollerconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\cloudconfig.json
  • %ProgramFiles%\malwarebytes\anti-malware\unins000.msg
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\irisdata.json
  • C:\users\public\desktop\malwarebytes.lnk
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\malwarebytes\malwarebytes.lnk
  • %ProgramFiles%\malwarebytes\anti-malware\is-0r65l.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-ehg4t.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-e23qd.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-stveh.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-qqegk.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-hdukg.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-8ktog.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-84i6o.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-9km8f.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-8pvml.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-mp1n5.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ncv8m.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-duv5e.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ssbml.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-s0voh.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-eml1i.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-3543q.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-h2pjn.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-5pe2v.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-829il.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-2or3r.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-vhp14.tmp
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\malwarebytes\uninstall malwarebytes.lnk
  • %APPDATA%\microsoft\windows\cookies\low\index.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\updatecontrollerconfig.json
  • %ProgramFiles%\malwarebytes\anti-malware\unins000.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\licenseconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\licenseconfig.json
  • %ProgramFiles%\malwarebytes\anti-malware\mbshlext.dll
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\policiesconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\policiesconfig.json
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\logs\mbamservice.log
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\mbdigsig2.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\dbmanifest2.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\dynconfig.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\exclusions.txt
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\clean.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\wprot2.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tids.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\scan.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\rules.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\rdefs.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\prot.mbdb
  • %ProgramFiles%\malwarebytes\anti-malware\securityproductinformation.ini
  • %ProgramFiles%\malwarebytes\anti-malware\serviceconfig.json.bak
  • %ProgramFiles%\malwarebytes\anti-malware\serviceconfig.json
  • %TEMP%\mb_errors992.log
  • %TEMP%\is-kjal8.tmp\digicertevroot.crt
  • %TEMP%\is-kjal8.tmp\baltimorecybertrustroot.crt
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\config\updatecontrollerconfig.json.bak
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-ntuser.dat.log1
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-0v5lu.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-jotdr.tmp
  • %ProgramFiles(x86)%\7-zip\lang\pt-br.txt
  • %ProgramFiles(x86)%\7-zip\lang\ps.txt
  • %ProgramFiles(x86)%\7-zip\lang\pl.txt
  • %ProgramFiles(x86)%\7-zip\lang\pa-in.txt
  • %ProgramFiles(x86)%\7-zip\lang\nn.txt
  • %ProgramFiles(x86)%\7-zip\lang\nl.txt
  • %ProgramFiles(x86)%\7-zip\lang\ne.txt
  • %ProgramFiles(x86)%\7-zip\lang\nb.txt
  • %ProgramFiles(x86)%\7-zip\lang\ms.txt
  • %ProgramFiles(x86)%\7-zip\lang\mr.txt
  • %ProgramFiles(x86)%\7-zip\lang\ro.txt
  • %ProgramFiles(x86)%\7-zip\lang\pt.txt
  • %ProgramFiles(x86)%\7-zip\lang\mn.txt
  • %ProgramFiles(x86)%\7-zip\lang\mk.txt
  • %ProgramFiles(x86)%\7-zip\lang\lv.txt
  • %ProgramFiles(x86)%\7-zip\lang\lt.txt
  • %ProgramFiles(x86)%\7-zip\lang\lij.txt
  • %ProgramFiles(x86)%\7-zip\lang\ky.txt
  • %ProgramFiles(x86)%\7-zip\lang\ku.txt
  • %ProgramFiles(x86)%\7-zip\lang\ku-ckb.txt
  • %ProgramFiles(x86)%\7-zip\lang\ko.txt
  • %ProgramFiles(x86)%\7-zip\lang\kk.txt
  • %ProgramFiles(x86)%\7-zip\lang\mng2.txt
  • %ProgramFiles(x86)%\7-zip\lang\de.txt
  • %ProgramFiles(x86)%\7-zip\lang\ru.txt
  • %ProgramFiles(x86)%\7-zip\lang\zh-tw.txt
  • %ProgramFiles(x86)%\7-zip\lang\zh-cn.txt
  • %ProgramFiles(x86)%\7-zip\lang\yo.txt
  • %ProgramFiles(x86)%\7-zip\lang\vi.txt
  • %ProgramFiles(x86)%\7-zip\lang\va.txt
  • %ProgramFiles(x86)%\7-zip\lang\uz.txt
  • %ProgramFiles(x86)%\7-zip\lang\uz-cyrl.txt
  • %ProgramFiles(x86)%\7-zip\lang\uk.txt
  • %ProgramFiles(x86)%\7-zip\lang\ug.txt
  • %ProgramFiles(x86)%\7-zip\lang\tt.txt
  • %ProgramFiles(x86)%\7-zip\lang\tr.txt
  • %ProgramFiles(x86)%\7-zip\lang\tk.txt
  • %ProgramFiles(x86)%\7-zip\lang\th.txt
  • %ProgramFiles(x86)%\7-zip\lang\tg.txt
  • %ProgramFiles(x86)%\7-zip\lang\ta.txt
  • %ProgramFiles(x86)%\7-zip\lang\sw.txt
  • %ProgramFiles(x86)%\7-zip\lang\sv.txt
  • %ProgramFiles(x86)%\7-zip\lang\sr-spl.txt
  • %ProgramFiles(x86)%\7-zip\lang\sr-spc.txt
  • %ProgramFiles(x86)%\7-zip\lang\sq.txt
  • %ProgramFiles(x86)%\7-zip\lang\sl.txt
  • %ProgramFiles(x86)%\7-zip\lang\sk.txt
  • %ProgramFiles(x86)%\7-zip\lang\si.txt
  • %ProgramFiles(x86)%\7-zip\lang\kab.txt
  • %ProgramFiles(x86)%\7-zip\lang\mng.txt
  • %ProgramFiles(x86)%\7-zip\lang\kaa.txt
  • %ProgramFiles(x86)%\7-zip\lang\ka.txt
  • %ProgramFiles(x86)%\7-zip\lang\ja.txt
  • %ProgramFiles(x86)%\7-zip\lang\an.txt
  • %ProgramFiles(x86)%\7-zip\lang\co.txt
  • %ProgramFiles(x86)%\7-zip\lang\ca.txt
  • %ProgramFiles(x86)%\7-zip\lang\br.txt
  • %ProgramFiles(x86)%\7-zip\lang\bn.txt
  • %ProgramFiles(x86)%\7-zip\lang\bg.txt
  • %ProgramFiles(x86)%\7-zip\lang\be.txt
  • %ProgramFiles(x86)%\7-zip\lang\ba.txt
  • %ProgramFiles(x86)%\7-zip\lang\az.txt
  • %ProgramFiles(x86)%\7-zip\lang\ast.txt
  • %ProgramFiles(x86)%\7-zip\lang\ar.txt
  • %ProgramFiles(x86)%\7-zip\lang\af.txt
  • %ProgramFiles(x86)%\7-zip\lang\cy.txt
  • %ProgramFiles(x86)%\7-zip\history.txt
  • %ProgramFiles(x86)%\7-zip\descript.ion
  • %ProgramFiles(x86)%\7-zip\7-zip.chm
  • %TEMP%\cnf
  • %TEMP%\qb0ef9d8.99\getlic.7z
  • %TEMP%\qb0ef9d8.99\pb.cmd
  • %TEMP%\qb0ef9d8.99\ck.7z
  • %TEMP%\qb0ef9d8.99\rs.7z
  • %TEMP%\qb0ef9d8.99\cnf
  • %TEMP%\qb0ef9d8.99\7z2201.exe
  • %ProgramFiles(x86)%\7-zip\license.txt
  • %ProgramFiles(x86)%\7-zip\lang\sa.txt
  • %ProgramFiles(x86)%\7-zip\lang\da.txt
  • %ProgramFiles(x86)%\7-zip\lang\en.ttt
  • %ProgramFiles(x86)%\7-zip\lang\cs.txt
  • %ProgramFiles(x86)%\7-zip\lang\it.txt
  • %ProgramFiles(x86)%\7-zip\lang\is.txt
  • %ProgramFiles(x86)%\7-zip\lang\io.txt
  • %ProgramFiles(x86)%\7-zip\lang\id.txt
  • %ProgramFiles(x86)%\7-zip\lang\hy.txt
  • %ProgramFiles(x86)%\7-zip\lang\hu.txt
  • %ProgramFiles(x86)%\7-zip\lang\hr.txt
  • %ProgramFiles(x86)%\7-zip\lang\hi.txt
  • %ProgramFiles(x86)%\7-zip\lang\he.txt
  • %ProgramFiles(x86)%\7-zip\lang\gu.txt
  • %ProgramFiles(x86)%\7-zip\lang\gl.txt
  • %ProgramFiles(x86)%\7-zip\lang\ga.txt
  • %ProgramFiles(x86)%\7-zip\lang\fy.txt
  • %ProgramFiles(x86)%\7-zip\lang\fur.txt
  • %ProgramFiles(x86)%\7-zip\lang\fr.txt
  • %ProgramFiles(x86)%\7-zip\lang\fi.txt
  • %ProgramFiles(x86)%\7-zip\lang\fa.txt
  • %ProgramFiles(x86)%\7-zip\lang\ext.txt
  • %ProgramFiles(x86)%\7-zip\lang\eu.txt
  • %ProgramFiles(x86)%\7-zip\lang\et.txt
  • %ProgramFiles(x86)%\7-zip\lang\es.txt
  • %ProgramFiles(x86)%\7-zip\lang\eo.txt
  • %ProgramFiles(x86)%\7-zip\lang\el.txt
  • %ProgramFiles(x86)%\7-zip\readme.txt
  • %ProgramFiles(x86)%\7-zip\7-zip.dll
  • %ProgramFiles(x86)%\7-zip\7z.dll
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-s2n0h.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-7hklf.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-fqgfa.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-m2ttu.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-279i3.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bunj6.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-k9gt2.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-07ap9.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bsvai.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-klqlf.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-e6nla.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-5iu0a.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-f4v26.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-qpn7j.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-en1qb.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-b2f0b.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-stol6.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-s8l8q.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-942ic.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-6scqh.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-pq73q.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-rk5ca.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-2dl7m.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-lvdl1.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-b4d53.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-t56qe.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-rt81j.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-ms5sl.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-e5v0h.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-fosl5.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-humho.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-7hl5a.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-lb2jm.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-2901j.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-jc0n7.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-s84jq.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-ve4hi.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-lnjcv.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-pcl63.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-4ov7c.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-8av0g.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-320oi.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-2uduk.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-hu8j9.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-034al.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-p93pj.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-vv251.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-g7mup.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-68guc.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-k6jpb.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\styles\is-81846.tmp
  • %TEMP%\is-kjal8.tmp\mb-work-image100.bmp
  • %ProgramFiles%\malwarebytes\anti-malware\scenegraph\is-5hiib.tmp
  • %TEMP%\is-kjal8.tmp\mb-personal-image100.bmp
  • %TEMP%\is-kjal8.tmp\malwarebytes_privacypolicy.htm
  • %TEMP%\is-kjal8.tmp\malwarebytes_enduserlicenseagreement.htm
  • %TEMP%\is-kjal8.tmp\languages.txt
  • %TEMP%\mb_setup2492.log
  • %TEMP%\is-kjal8.tmp\innocallback.dll
  • %TEMP%\is-kjal8.tmp\suhlpr.dll
  • %TEMP%\is-kjal8.tmp\_isetup\_shfoldr.dll
  • %TEMP%\is-kjal8.tmp\_isetup\_setup64.tmp
  • %TEMP%\setup log 2023-09-15 #001.txt
  • %TEMP%\is-q8dhj.tmp\rs.tmp
  • %TEMP%\rs.exe
  • %ALLUSERSPROFILE%\mb2migration\exclusions.dat
  • %ALLUSERSPROFILE%\mb2migration\configuration\license.conf
  • nul
  • %TEMP%\pb.cmd
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\7-zip\7-zip help.lnk
  • %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\7-zip\7-zip file manager.lnk
  • %ProgramFiles(x86)%\7-zip\uninstall.exe
  • %ProgramFiles(x86)%\7-zip\7zg.exe
  • %ProgramFiles(x86)%\7-zip\7zfm.exe
  • %ProgramFiles(x86)%\7-zip\7zcon.sfx
  • %ProgramFiles(x86)%\7-zip\7z.sfx
  • %ProgramFiles(x86)%\7-zip\7z.exe
  • %TEMP%\is-kjal8.tmp\mb-header100.bmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-7unpd.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-usf8g.tmp
  • %TEMP%\is-kjal8.tmp\mb-header-options100.bmp
  • %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-a8t6i.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\iconengines\is-hoi91.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-l95bc.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-25i73.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-0stus.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-gjek3.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-eibhc.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-uetpm.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-avrud.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-bh33p.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-0q4en.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-n51qi.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-bhiac.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-qv0cc.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-kmhqk.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-3hg7u.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-80fs2.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-v6e64.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-2oq0c.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-62f43.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-no10m.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-32dd8.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\is-eo1v7.tmp
  • %ProgramFiles%\malwarebytes\anti-malware\platforms\is-ltqpe.tmp
  • %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
Deletes the following files
  • %TEMP%\is-kjal8.tmp\mb-header100.bmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190013173-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190013173-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190013769-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190013769-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-usrclass.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190021544-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-usrclass.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190021544-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190022104-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-19-09152023190022104-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190025456-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-20-09152023190025456-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190012738-ntuser.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190014161-usrclass.dat.log1
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-18-09152023190012738-ntuser.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\exclusions.txt
  • %TEMP%\is-kjal8.tmp\mb-personal-image100.bmp
  • %TEMP%\is-kjal8.tmp\mb-work-image100.bmp
  • %TEMP%\is-kjal8.tmp\mb-header-options100.bmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\clean.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dbmanifest2.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dynconfig.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\mbdigsig2.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\version.dat
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\prot.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rdefs.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rules.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\scan.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\tids.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\wprot2.mbdb
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\pkgvers.dat
  • %WINDIR%\temp\udde9f1.tmp
  • %ALLUSERSPROFILE%\malwarebytes\mbamservice\s-1-5-21-1238866942-1249195528-555854008-1000-09152023190025586-usrclass.dat.log1
Moves the following files
  • from %ProgramFiles%\malwarebytes\anti-malware\is-eo1v7.tmp to %ProgramFiles%\malwarebytes\anti-malware\unins000.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-94f3v.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_nl.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-t8tr3.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pl.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-eosjv.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pt_br.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-km8ah.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_pt_pt.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-af3ui.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ru.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-notag.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sv.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-db7m5.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_da.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-6rbvn.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_no.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-u9rrq.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_fi.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-b1fr5.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_fr.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-38j3d.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_it.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-lrn5f.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ja.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-4gi18.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_zh_tw.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-3g2vl.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ko.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-dcf5v.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_ro.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-ja9cp.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_hr.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-fu6j2.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sl.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-s837p.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_sk.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-vmfpl.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_bg.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\is-q1965.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamwsc.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-d0l51.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-k9382.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_hu.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-hapg7.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_cs.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-c76cb.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-favr7.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_de.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-d3a32.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_en_us.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\is-7k9pn.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-synch-l1-2-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-in2jv.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-sysinfo-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-qepdh.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-timezone-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-7kosk.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-util-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-qn1kc.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-xstate-l2-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-bce8a.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-conio-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-7epua.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-convert-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-29r7g.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-environment-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-70btm.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-filesystem-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ddqls.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-heap-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-khrb3.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-synch-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-gikt3.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-locale-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-9qg5d.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-multibyte-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-um5bd.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-private-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-b7ljl.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-process-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-jleg7.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-runtime-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-t4ov7.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-stdio-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rdrbj.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-string-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-0ilfn.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-time-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ne73i.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-utility-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-tgi2v.tmp to %ProgramFiles%\malwarebytes\anti-malware\ucrtbase.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\languages\is-hrfd9.tmp to %ProgramFiles%\malwarebytes\anti-malware\languages\lang_en_gb.qm
  • from %ProgramFiles%\malwarebytes\anti-malware\is-i8i8e.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-crt-math-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-9kq0k.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwcontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-bn7gr.tmp to %ProgramFiles%\malwarebytes\anti-malware\cleancontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-k5t15.tmp to %ProgramFiles%\malwarebytes\anti-malware\cloudcontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-q3aet.tmp to %ProgramFiles%\malwarebytes\anti-malware\licensecontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-2or3r.tmp to %ProgramFiles%\malwarebytes\anti-malware\selfprotectionsdk.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-829il.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbampt.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-5pe2v.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-h2pjn.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamelam.sys
  • from %ProgramFiles%\malwarebytes\anti-malware\is-3543q.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamelam.cat
  • from %ProgramFiles%\malwarebytes\anti-malware\is-eml1i.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamelam.inf
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-s0voh.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\clean.mbdb
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ssbml.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\prot.mbdb
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-duv5e.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rdefs.mbdb
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-ncv8m.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\rules.mbdb
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-mp1n5.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\scan.mbdb
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-8pvml.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\tids.mbdb
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-9km8f.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\wprot2.mbdb
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-84i6o.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\exclusions.txt
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-8ktog.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dynconfig.dat
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-hdukg.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\dbmanifest2.dat
  • from %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\is-qqegk.tmp to %ALLUSERSPROFILE%\malwarebytes\mbamservice\tempdb\mbdigsig2.dat
  • from %ProgramFiles%\malwarebytes\anti-malware\is-stveh.tmp to %ProgramFiles%\malwarebytes\anti-malware\pkgvers.dat
  • from %ProgramFiles%\malwarebytes\anti-malware\is-e23qd.tmp to %ProgramFiles%\malwarebytes\anti-malware\version.dat
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ehg4t.tmp to %ProgramFiles%\malwarebytes\anti-malware\7z.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-0r65l.tmp to %ProgramFiles%\malwarebytes\anti-malware\zlib.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\pkgvers.dat to %ALLUSERSPROFILE%\malwarebytes\mbamservice\pkgvers.dat
  • from %ProgramFiles%\malwarebytes\anti-malware\version.dat to %ALLUSERSPROFILE%\malwarebytes\mbamservice\version.dat
  • from %ProgramFiles%\malwarebytes\anti-malware\is-vhp14.tmp to %ProgramFiles%\malwarebytes\anti-malware\selfprotectionshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-cq4h6.tmp to %ProgramFiles%\malwarebytes\anti-malware\rtpshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-jir0k.tmp to %ProgramFiles%\malwarebytes\anti-malware\rtp.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-2pn9o.tmp to %ProgramFiles%\malwarebytes\anti-malware\swissarmy.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-3uv0u.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwaccontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-594ta.tmp to %ProgramFiles%\malwarebytes\anti-malware\policiescontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-165me.tmp to %ProgramFiles%\malwarebytes\anti-malware\rtpcontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-pt2cd.tmp to %ProgramFiles%\malwarebytes\anti-malware\scancontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ccljd.tmp to %ProgramFiles%\malwarebytes\anti-malware\telemetrycontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-cdgkp.tmp to %ProgramFiles%\malwarebytes\anti-malware\aecontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rm6iq.tmp to %ProgramFiles%\malwarebytes\anti-malware\updatecontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-dn5t9.tmp to %ProgramFiles%\malwarebytes\anti-malware\spcontrollerimpl.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-e42ms.tmp to %ProgramFiles%\malwarebytes\anti-malware\actions.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-8prh1.tmp to %ProgramFiles%\malwarebytes\anti-malware\actionsshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-gjbn1.tmp to %ProgramFiles%\malwarebytes\anti-malware\browsersdkdll.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-et95a.tmp to %ProgramFiles%\malwarebytes\anti-malware\browsersdkdllshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rr2u1.tmp to %ProgramFiles%\malwarebytes\anti-malware\aeshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-j6cfp.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae64.dll
  • from <DRIVERS>\is-scfnq.tmp to <DRIVERS>\mbae64.sys
  • from %ProgramFiles%\malwarebytes\anti-malware\is-769c8.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbae-api-na.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-740fk.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwsdkshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-0deiq.tmp to %ProgramFiles%\malwarebytes\anti-malware\arwlib.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-fv1tu.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-f6atq.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamcore.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-n796e.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwacsdkshim.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-9buvr.tmp to %ProgramFiles%\malwarebytes\anti-malware\mwaclib.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-6pc64.tmp to %ProgramFiles%\malwarebytes\anti-malware\swissarmyshim.dll
  • from <DRIVERS>\sete57e.tmp to <DRIVERS>\mbamswissarmy.sys
  • from %ProgramFiles%\malwarebytes\anti-malware\is-fq851.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-string-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-0cju2.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-rtlsupport-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-rv21u.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-profile-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-pq73q.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-6scqh.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-942ic.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\is-s8l8q.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\settings\qmlsettingsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-stol6.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\modelsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-b2f0b.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\is-en1qb.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtqml\models.2\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-qpn7j.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-f4v26.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-2dl7m.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\is-rk5ca.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\is-5iu0a.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\qtquickcontrolsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bsvai.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultcolordialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-07ap9.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultdialogwrapper.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-k9gt2.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfiledialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-bunj6.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultfontdialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-279i3.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\defaultmessagedialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-m2ttu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\dialogplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-fqgfa.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-7hklf.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-s2n0h.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetcolordialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-e6nla.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\is-klqlf.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\controls\styles\flat\qtquickextrasflatplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\styles\is-81846.tmp to %ProgramFiles%\malwarebytes\anti-malware\styles\qwindowsvistastyle.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\scenegraph\is-5hiib.tmp to %ProgramFiles%\malwarebytes\anti-malware\scenegraph\qsgd3d12backend.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\platforms\is-ltqpe.tmp to %ProgramFiles%\malwarebytes\anti-malware\platforms\qwindows.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-no10m.tmp to %ProgramFiles%\malwarebytes\anti-malware\suhlpr.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-62f43.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbam.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-2oq0c.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-v6e64.tmp to %ProgramFiles%\malwarebytes\anti-malware\assistant.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-80fs2.tmp to %ProgramFiles%\malwarebytes\anti-malware\malwarebytes_assistant.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-3hg7u.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbamwow.exe
  • from %ProgramFiles%\malwarebytes\anti-malware\is-kmhqk.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbshlext_proto
  • from %ProgramFiles%\malwarebytes\anti-malware\is-qv0cc.tmp to %ProgramFiles%\malwarebytes\anti-malware\mbcut.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-bhiac.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5core.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-n51qi.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5gui.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-32dd8.tmp to %ProgramFiles%\malwarebytes\anti-malware\changes.txt
  • from %ProgramFiles%\malwarebytes\anti-malware\is-0q4en.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5network.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-avrud.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5quick.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-uetpm.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5svg.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-eibhc.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5widgets.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-gjek3.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5winextras.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-0stus.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-25i73.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\is-l95bc.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtwinextras\qml_winextras.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\iconengines\is-hoi91.tmp to %ProgramFiles%\malwarebytes\anti-malware\iconengines\qsvgicon.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-a8t6i.tmp to %ProgramFiles%\malwarebytes\anti-malware\imageformats\qico.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\imageformats\is-usf8g.tmp to %ProgramFiles%\malwarebytes\anti-malware\imageformats\qsvg.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-bh33p.tmp to %ProgramFiles%\malwarebytes\anti-malware\qt5qml.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-lvdl1.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfiledialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-jotdr.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetfontdialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\is-b4d53.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\widgetmessagedialog.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-rt81j.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkers.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-5eulu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\windowplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-orpo6.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-3qmli.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\is-o8r3p.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick.2\qtquick2plugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-lksj4.tmp to %ProgramFiles%\malwarebytes\anti-malware\msvcp140.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-js493.tmp to %ProgramFiles%\malwarebytes\anti-malware\vcruntime140.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-18k57.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-f6qp3.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-console-l1-2-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ubo0n.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-datetime-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-tlus0.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-debug-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-pugel.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-errorhandling-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-36sv8.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-p0aie.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l1-2-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-ul1jj.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-file-l2-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-uhrvj.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-handle-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-1qbqv.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-heap-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-45v01.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-interlocked-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-e9q6k.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-libraryloader-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-l3j9q.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-localization-l1-2-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-jfe51.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-memory-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-lkf59.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-namedpipe-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-av1vs.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processenvironment-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\is-5cd31.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-0.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-2vaei.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-t56qe.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\widgetsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\is-0v5lu.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\window.2\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-7unpd.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-k6jpb.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\checkmark.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-68guc.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\copy.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-g7mup.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\critical.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-vv251.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\crosshairs.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-p93pj.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\information.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-034al.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\question.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-hu8j9.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\slider_handle.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-2uduk.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\sunken_frame.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-320oi.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\warning.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\is-8av0g.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\images\window_border.png
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-4ov7c.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\dialogsprivateplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-pcl63.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\is-lnjcv.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\private\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-ve4hi.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\colorslider.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-s84jq.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\defaultwindowdecoration.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-jc0n7.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconbuttonstyle.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-2901j.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\iconglyph.qml
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-lb2jm.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\icons.ttf
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\is-7hl5a.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\dialogs\qml\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-humho.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-fosl5.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qmldir
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\is-e5v0h.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\layouts\qquicklayoutsplugin.dll
  • from %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\is-ms5sl.tmp to %ProgramFiles%\malwarebytes\anti-malware\qtquick\privatewidgets\plugins.qmltypes
  • from %ProgramFiles%\malwarebytes\anti-malware\is-7fda5.tmp to %ProgramFiles%\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-1.dll
  • from <DRIVERS>\set63b3.tmp to <DRIVERS>\mbamchameleon.sys
Substitutes the following files
  • %TEMP%\is-kjal8.tmp\mb-header100.bmp
  • %ProgramFiles%\malwarebytes\anti-malware\languages\lang_es.qm
Modifies the HOSTS file.
Network activity
Connects to
  • 'te######y.malwarebytes.com':443
  • 'localhost':443
TCP
Other
  • 'te######y.malwarebytes.com':443
UDP
  • DNS ASK te######y.malwarebytes.com
Miscellaneous
Adds a root certificate
Creates and executes the following
  • '%TEMP%\qb0ef9d8.99\7z2201.exe' /S
  • '%ProgramFiles(x86)%\7-zip\7z.exe' x "%TEMP%\qb0EF9D8.99\ck.7z" -o"%ALLUSERSPROFILE%" -pFDGFD676tgdfsjbfskhfdfgkjnfdDJfgdkjhf76 -y
  • '%ProgramFiles(x86)%\7-zip\7z.exe' x "%TEMP%\qb0EF9D8.99\rs.7z" -o"%LOCALAPPDATA%\Temp" -pFHFiuhyt6gfhjdgdgfduh675rgkhidfgHFDSSyg6f5s7dg -y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' start-process -FilePath '%TEMP%\rs.exe' -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-' -NoNewWindow -Wait
  • '%TEMP%\rs.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
  • '%TEMP%\is-q8dhj.tmp\rs.tmp' /SL5="$C019E,63820596,239616,%TEMP%\rs.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe'
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamtray.exe'
  • '<SYSTEM32>\cmd.exe' /c ""%TEMP%\43WY8996.bat" "<Full path to file>" "' (with hidden window)
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-KJAL8.tmp\BaltimoreCyberTrustRoot.crt"' (with hidden window)
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-KJAL8.tmp\DigiCertEVRoot.crt"' (with hidden window)
  • '%ProgramFiles%\malwarebytes\anti-malware\mbamservice.exe' /service' (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c ""%TEMP%\43WY8996.bat" "<Full path to file>" "
  • '<SYSTEM32>\cmd.exe' /c tasklist /fi "imagename eq mbamtray.exe" /fo csv /nh
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-KJAL8.tmp\DigiCertEVRoot.crt"
  • '<SYSTEM32>\certutil.exe' -f -addStore root "%TEMP%\is-KJAL8.tmp\BaltimoreCyberTrustRoot.crt"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' start-process -FilePath '%ProgramFiles%\Malwarebytes\Anti-Malware\unins000.exe' -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-' -NoNewWindow -Wait
  • '<SYSTEM32>\timeout.exe' 5
  • '<SYSTEM32>\cmd.exe'
  • '<SYSTEM32>\cmd.exe' /S /D /c" echo prompt $H"
  • '<SYSTEM32>\cmd.exe' /c echo prompt $H|cmd
  • '<SYSTEM32>\tasklist.exe' /fi "imagename eq mbamtray.exe" /fo csv /nh
  • '<SYSTEM32>\cmd.exe' /c copy/Z "%TEMP%\pb.cmd" nul
  • '<SYSTEM32>\chcp.com' 65001
  • '<SYSTEM32>\mode.com' con:cols=86 lines=36
  • '<SYSTEM32>\cmd.exe' /K "%TEMP%\pb.cmd"
  • '<SYSTEM32>\findstr.exe' "holocron" "<DRIVERS>\etc\hosts"
  • '<SYSTEM32>\cmd.exe' /c findstr "holocron" "<DRIVERS>\etc\hosts"
  • '<SYSTEM32>\findstr.exe' "keystone" "<DRIVERS>\etc\hosts"
  • '<SYSTEM32>\cmd.exe' /c findstr "keystone" "<DRIVERS>\etc\hosts"
  • '<SYSTEM32>\attrib.exe' -r <DRIVERS>\etc\hosts
  • '<SYSTEM32>\mode.com' 70,4
  • '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play