ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 17 May 2009, 01:52:29
Processing time: 10 min 37 sec
Submitted sample:

File MD5: 0x9F606477D7FB45DC14FDCC4DE81EF3E9
File SHA-1: 0x120F16A5ACD98932530F380AC88C1EC1A7F58FC3
Filesize: 2,967,800 bytes

Summary of the findings:

What's been found	Severity Level
Registers a 32-bit in-process server DLL.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\ignore.dat	0 bytes	MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2	%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref	1,702,145 bytes	MD5: 0xDEE17ECECE89618CFE22ADEBE732D78D SHA-1: 0x731C4109CE72961FC05CD2EA356BF6FCB0298A96
3	%CommonDesktopDir%\Malwarebytes' Anti-Malware.lnk	696 bytes	MD5: 0x62AB3ECEDC5929D86BB867D4637EE79F SHA-1: 0x53632C062BC54A98D7CB0002D20DA53DA1D97A5E
4	%CommonPrograms%\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk	708 bytes	MD5: 0xC816EFF5E85E8247AC332016D5618B6B SHA-1: 0xA6841F647938186975B3EBA5426CAB6BB70559F4
5	%CommonPrograms%\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk	708 bytes	MD5: 0xFFBD5AD99B443537A0A2D75B4C330536 SHA-1: 0x61683CF1148A27BF0A7FCEC9603D279E5318836B
6	%CommonPrograms%\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk	732 bytes	MD5: 0x69C56B9B2F38D46505512F8454FD835B SHA-1: 0x50AD750FAAF7CF1970BE991BF38F11A9EFEA5E6C
7	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-00).txt	815 bytes	MD5: 0x82E32BBD62BE2348689FA5E8DB177678 SHA-1: 0x71A4621AFC5726D19CB207A6F5F40A077760BDC9
8	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-03).txt	815 bytes	MD5: 0xCF7D55AEA62782B9594197EEF3038A96 SHA-1: 0x3E6265066BEEDD34EEF86F729C016A515D4FC76F
9	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-04).txt	815 bytes	MD5: 0xC4C80B982670E611B22B05822AB7CA6E SHA-1: 0x5E9AAA9E4352996C66FEC1C635D400E5F3A88D97
10	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-05).txt	815 bytes	MD5: 0x7373752EFF2C669AC317A35E7B126615 SHA-1: 0x63CDB813731B42D5FF5C820172C822C5EA140C74
11	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-06).txt	815 bytes	MD5: 0x86B480095D779A954BC76A72C81F0FA5 SHA-1: 0xB70B46C3F680F2BAD6182B6509A2415F434D7DDE
12	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-07).txt	815 bytes	MD5: 0x9C0F5B7C3C92318CC764E2D83B55C815 SHA-1: 0xF48DF12C7F06814F321494D711F3F685726694F3
13	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-08).txt	815 bytes	MD5: 0xE58C80CA29E2AE756219EE00BBB91881 SHA-1: 0x47E2966F48FF289B9FDBE192E7CD05C04ACD1581
14	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-09).txt	815 bytes	MD5: 0x0EAC5AA20ADD76F62BEFF2501B7EAD89 SHA-1: 0x9B0B94972EB146C99CFDA3DA92023EFF9AA2AFD0
15	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-10).txt	815 bytes	MD5: 0x5F9D77CEA8C2A927B4CF764973A05600 SHA-1: 0x48AFC233FE30DA7C4B7A137A582BE45F172F55F8
16	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-11).txt	815 bytes	MD5: 0x2A23B7487D2ECDE922E1C96024935C18 SHA-1: 0x24AC5D9593A57F2311747CEDD5FBB317A65F45FD
17	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-12).txt	815 bytes	MD5: 0xBD1057E756E11CB1263FF631175B6440 SHA-1: 0xFB1D50DDEEF1A3BFAC2D25AC71EAF243BDD9EC97
18	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-13).txt	815 bytes	MD5: 0x96C6A0C650491A3859D4F63B87B15454 SHA-1: 0x4DAF7642D6B89D9D9B5AE09FB4ACB144973C227A
19	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-14).txt	815 bytes	MD5: 0xC6C383C9C8902C7B96D410BE31BDA245 SHA-1: 0xE615440D87E0161C4DEF495F0C804C1364B9F882
20	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-15).txt	815 bytes	MD5: 0x4ECB91B29E8463322E15D9EB40B55680 SHA-1: 0xFE34B056F502CCF7240364193E5E9759903A4CBD
21	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-16).txt	815 bytes	MD5: 0xF7E0CD2B96D59D583628E18BDA2A2F20 SHA-1: 0x54F3735011C0AF4B04967E10669B1AECAD3D1995
22	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-17).txt	815 bytes	MD5: 0x26AB84C69AE6DD7C2550D86F9AA1C82A SHA-1: 0xAB2DD25A43D24F5FAE4F637E3C9FC425AF5926E4
23	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-18).txt	815 bytes	MD5: 0xCBBFD0FD3E752DBB9226CD3FAC12EC0B SHA-1: 0x4969DCE1D37F038B91DDBA34E594E795015E351D
24	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-19).txt	815 bytes	MD5: 0xDC2890C9BBB3763101F46858811177C0 SHA-1: 0x9C7CBAEC09AC36F8FAAB6AE1B6C6E5001A57F545
25	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-20).txt	815 bytes	MD5: 0x7E3CE2489C3D72A6E79CFB7F6D558F4D SHA-1: 0x524445A258F01B45396B2C13E7311A18C1B132A3
26	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-21).txt	815 bytes	MD5: 0x6FD0F2B7CF526AA8BDB1BC528299C7B3 SHA-1: 0x09A4D89B7F763016B43B4D22D8147E5C447CE8CB
27	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-22).txt	815 bytes	MD5: 0x30386AB676C2829C2DAF9EC2250D2E80 SHA-1: 0x51F6A2A77FAF09468731AC8B0D18A3FBA905BFA3
28	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-23).txt	815 bytes	MD5: 0x858D1775B4E03CF2A9A43E2DCA115021 SHA-1: 0xD4B58F102FFC27AEE4A177790FF51DB4E5556C26
29	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-24).txt	815 bytes	MD5: 0xD44393447333F6FD02F677845A487B26 SHA-1: 0x875AFAA35617E3E7103717E784305F9F1AA31E2C
30	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-25).txt	815 bytes	MD5: 0xD0B6F6E61125B1BB7719540B36500D16 SHA-1: 0xC8F9996F3CE5B8423BA8E2A12D07CA4BCEE973A1
31	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-26).txt	815 bytes	MD5: 0x850B3CAEA47113EC3B4E1258A188A84B SHA-1: 0xBAF23C9EDA29E48972C73D7A1CC4D8CD1614ECE4
32	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-27).txt	815 bytes	MD5: 0x1CBBE84AF023200A61E521B15E1BB918 SHA-1: 0x5B439090EA1E56439C68E8E5233EF313C8E52AFA
33	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-28).txt	815 bytes	MD5: 0x0B1DF6D8A60CB875205491E03241A3F3 SHA-1: 0x15A3D80290674D4AC15BFBBEF4BE53361E7A7302
34	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-29).txt	815 bytes	MD5: 0x3620DF82FF9469AD3AA1BF2B5B1DF176 SHA-1: 0x3B58EFA81CFE49FEE0057D3A18CB416C21D77EC8
35	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-30).txt	815 bytes	MD5: 0xA61FFB5B373D15C78CCD9EFBF20FBA8E SHA-1: 0x3F043BB4E71C805C737587FA7D765FCB0A383018
36	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-31).txt	815 bytes	MD5: 0x6680C521A728139C3803279D53750456 SHA-1: 0xA331C79B27F84DB9FF320ADAC0BF0D320FE72067
37	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-32).txt	815 bytes	MD5: 0x6855C7D440924D8B9E576B3E3B33CC12 SHA-1: 0xEA333021959D6416B752678CC92090392B15B405
38	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-33).txt	815 bytes	MD5: 0xE665CC0483415089833ABF6EDBFA990D SHA-1: 0xF3F5B7CBBCA8BA75C8A7AF4FD36B7088279AAE1F
39	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-34).txt	815 bytes	MD5: 0xF7572B26811A73487FE8852BFE3BFCA5 SHA-1: 0x8D069A9D8376B3B57CF7CA734D0A57FDE0A1D33F
40	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-35).txt	815 bytes	MD5: 0x990316551A1C3007CE62DEA10AA22640 SHA-1: 0xC70C8AE4105275C5BB0B22EFF790177F1F94AE87
41	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-36).txt	815 bytes	MD5: 0xC4084EBF308BE638B122E2DB39C0A51C SHA-1: 0x048ED88CA684FBC7F88DD3F94AE2EBF1370F8010
42	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-37).txt	815 bytes	MD5: 0xBDC23605A9B508AC0A374D83302A96E4 SHA-1: 0xA9836E0FB47D7709EB9015DF1A9D240AFC6CF8D7
43	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-38).txt	815 bytes	MD5: 0xFE1F9E80D773AC36F0390E1A477CA5E3 SHA-1: 0x71AB089898D4080A2C90A39CCED5625099ACE732
44	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-39).txt	815 bytes	MD5: 0x21B000A2F30512EB0A924DC2113B9DBB SHA-1: 0xB71C1D8A5977AFE9FFCE1BA70A08F202EF82920C
45	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-40).txt	815 bytes	MD5: 0xC68AD7647E8A17796AEAB0D5FB5D1BED SHA-1: 0xCE5CE9D9580F85FC0CB45CC19B4F082E8ED758C4
46	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-41).txt	815 bytes	MD5: 0x9FF49A1F18EDB004C011A80AB324D020 SHA-1: 0xF89EC401D167BE295733BB120C7D7F209253AE66
47	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-42).txt	815 bytes	MD5: 0xE43C549FA8F12D9E40AE9EDE7EFE3AE1 SHA-1: 0xD78952A493F05049BE7FE468A93B4CEB6702B91E
48	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-43).txt	815 bytes	MD5: 0x3A768B834C989DD5879ACB159EA3B96A SHA-1: 0xCB186BD3D093536DF8205AF6105BFDD75FE3E708
49	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-44).txt	815 bytes	MD5: 0x02614D9589779149E75EBB88E230C560 SHA-1: 0x7C0265D9ADC1B47A0483FF9BE55AD3EB3830D707
50	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-45).txt	815 bytes	MD5: 0xBBE0B1F53EDD0508920D39CDD6C25BEB SHA-1: 0x031FA8D9780F33BCDC867540F41F5CACF025BDD1
51	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-46).txt	815 bytes	MD5: 0x42DDBA31B19F5373DBB389E2EBB46829 SHA-1: 0xB582A0496BDCCC02177914F50364C44BCDCB9B19
52	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-47).txt	815 bytes	MD5: 0xF26990578A25BCD76BB33FF3449FD289 SHA-1: 0x1E60C4234C0A1D168A5824A8EFF298B2B2076C86
53	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-48).txt	815 bytes	MD5: 0xE3D2AC36DBF6B3720E02323695AEB511 SHA-1: 0x489DAFF27A414D9B8B162179570BD1F850B47ADB
54	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-49).txt	815 bytes	MD5: 0x7A514C7A91ED2B0F4A3736CCE7C9DCBE SHA-1: 0xC8DCD4F5BE1D0838F34E97331041A6D2922807AF
55	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-50).txt	815 bytes	MD5: 0x35C9F7149C7B8784F1BF4885665DAB04 SHA-1: 0xB728FC9E955B7F1496B109EB6EA479E71B9493E0
56	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-51).txt	815 bytes	MD5: 0xB714845C62E2AA82A24BFEEBC231ECAA SHA-1: 0xA36EB8EDD7621957F9EA92B9AC5290AF2474D40D
57	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-52).txt	815 bytes	MD5: 0x819191A69FA87F388CEF49B028075E9A SHA-1: 0x2B2C94E840DC83BBC226DBA73659E8EC4EC37523
58	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-53).txt	815 bytes	MD5: 0xBF65169690EF1E3F0C5C6807F8CBB77B SHA-1: 0xEF62AF197AF2F9959D827670A0B4EA8C30E37AEC
59	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-54).txt	815 bytes	MD5: 0x33F6EBD41BA973850BFC637ECDAA9C14 SHA-1: 0x402063D25B05B89CD19E6A9AA418A567D8B82D1C
60	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-55).txt	815 bytes	MD5: 0x1621031A9067BCFBF323DE07435E446F SHA-1: 0x9652D2CD22FF17D5A237E24E8B604826D135B3C8
61	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-56).txt	815 bytes	MD5: 0xEB4601CDD24380D23D5BD6320DB5ACC3 SHA-1: 0x82CBAB7746AF80A47F7A5767C0823E988400F57B
62	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-57).txt	815 bytes	MD5: 0xC1738A8425983F39C36E29CDF35BBBE7 SHA-1: 0x717C8D34D30D3E95F3DABD20432AF337ADA028A3
63	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-58).txt	815 bytes	MD5: 0xB7B52DFE761C0AD7A2A4CCCC44069DED SHA-1: 0x6812E9F0CC7F59F8B4C967F96E17CCDC0B2FBA79
64	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-54-59).txt	815 bytes	MD5: 0x451A10E286B61E9D0A1AB5DC59BAB159 SHA-1: 0xD4F86A24147FF442C4437C92B62D6DBE0972B9F4
65	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-00).txt	815 bytes	MD5: 0x1F4C2C439D7224DC2189C1FEE18CE111 SHA-1: 0xF049CA61D62BB0C723703553DB2D08F26DCB11E3
66	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-01).txt	815 bytes	MD5: 0x4B2DBBC47F6B6A6A3C14D5B9D26AA2BD SHA-1: 0x39E430EFA18F481AE34399BF24893396B3E222BB
67	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-02).txt	815 bytes	MD5: 0x4C1A30F7B5382E042DE504161AC02E23 SHA-1: 0xDE80F84515974D9253D85F25D7E013DAF875979F
68	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-03).txt	815 bytes	MD5: 0x4B9E637A4F3DEAEC5D9FB05B26121582 SHA-1: 0xF0A9390605F31F0CDFF168B823CC9890ABE6A420
69	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-04).txt	815 bytes	MD5: 0x56C41B0EEA50362B8F5F2CC9DF464218 SHA-1: 0x36CBF9D92327AA51B7957714BA5BCED24C6B12E1
70	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-05).txt	815 bytes	MD5: 0xA4882D765F4E5CF27F6CF0F52BCFC772 SHA-1: 0x85E7EACCBC02E4A74C94777623961D8EB425F5BB
71	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-06).txt	815 bytes	MD5: 0xADB2B95BA94A1CF82C2F0B92043ADC69 SHA-1: 0x16708021C81334EEE293383123085B5C24B64A2E
72	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-07).txt	815 bytes	MD5: 0xAD7905373BFCF6B9107E5E2A36C55A66 SHA-1: 0x9CEEEFAB91BF0D2DC9DE2C0D96BF788F6202D953
73	%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2009-05-17 (02-55-08).txt	815 bytes	MD5: 0x998A06C6D7D8A411665E7F1A56B195C0 SHA-1: 0x579B2C856AA113D9AC2DB088B5CA822D93D4B351
74	%ProgramFiles%\bhqmqss.txt	8 bytes	MD5: 0x0177945BDC504AB08208CF6FC3C00C49 SHA-1: 0xC5720D502CBE57CC8E42F2FFFF3A8BACE84EA7A1
75	%ProgramFiles%\Malwarebytes' Anti-Malware\changes.rtf	13,616 bytes	MD5: 0x9CDCF5010C388C299F737F23F3A49F14 SHA-1: 0x610450D98698797208BB8EF6CB4FFE325B7393C6
76	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\albanian.lng	13,924 bytes	MD5: 0xAC400BCDFCCD846595D2F8089B359112 SHA-1: 0x076275B54F85D92C2CD4033CB0901001F53E6124
77	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\bulgarian.lng	12,533 bytes	MD5: 0xE8FF15D1DFBE904CAFD1EA3E3C6DD54A SHA-1: 0xED401D3EBB779928C8754CC6656830AE651A3AAE
78	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\catalan.lng	12,595 bytes	MD5: 0x6FAF99D775A4D3787633D6B2A24BA248 SHA-1: 0x2A1A907CCF3009BC44AF3575A4676DDDE678AAD1
79	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\chineseSI.lng	8,045 bytes	MD5: 0x081A4582F4EDFDE258FF30A1F2B4928A SHA-1: 0xFE19A19AAA18D9A19E447F4E859DD984C84621CE
80	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\chineseTR.lng	8,141 bytes	MD5: 0x20A74C0E7B3959EB48D3AEF00807D298 SHA-1: 0xB66CDB7CD0094C969480A14FEC0D5951164F810D
81	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\croatian.lng	11,977 bytes	MD5: 0x944A0BC5C750DC7982F546C941B8705C SHA-1: 0xDBCECA6E307143B39FB282C1140274EBBB7F19D1
82	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\czech.lng	11,551 bytes	MD5: 0xD437928E6996EE0FC5C7DB29E09E241F SHA-1: 0x9DA693047C0E70A0A2969303C37370436ED5B6EB
83	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\danish.lng	11,893 bytes	MD5: 0x315FAD510331A976477C31D6887A4795 SHA-1: 0x6EF27578D7C79DEE10FCF12B673EABD5C91F872F
84	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\dutch.lng	12,255 bytes	MD5: 0x2FB87D0A1EC303D21630D052C30FAC4B SHA-1: 0x2AC001ACF5A5D56E8F248AA8465C82C7783BBF54
85	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\english.lng	11,232 bytes	MD5: 0x830ED275341EFC754837E43B8852BBF0 SHA-1: 0x858018BDCD89FB9B550103481179A879C04539C4
86	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\finnish.lng	11,624 bytes	MD5: 0xC518E592F0570B4A4A7090E29B705310 SHA-1: 0x4E2BA87CA3B064176A499F519C1AF9FF84988DBB
87	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\french.lng	13,353 bytes	MD5: 0xC69F6EE461AE5D1D30EE24DA131E6A82 SHA-1: 0x61004BDBD1BDC036CC648327ECCF961945BCA3BB
88	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\german.lng	13,557 bytes	MD5: 0x174808DE2FD6E4406F100F2161744666 SHA-1: 0xFDF2CB90B1C5670637E5792BA62408F1037789CF
89	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\greek.lng	13,234 bytes	MD5: 0xA0DCDA747EFFBC5DF30D0CFDF21279BA SHA-1: 0xBD06231E7D5837F7296D6C4371E93E3511FCF215
90	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\hungarian.lng	12,048 bytes	MD5: 0x7485E4D09F46F1C898063C50FAAC8C04 SHA-1: 0xF7324E5C3D8EFA15D35A3EA37E6C6CB410C61E41
91	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\italian.lng	13,019 bytes	MD5: 0xB8CDBA884DA3FFD9754B8FDE35AE4094 SHA-1: 0xA4A00B2A7E99042E5E644EB70A23CAD582C391A6
92	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\latvian.lng	11,457 bytes	MD5: 0xDC9F5A3490B7A503FF98F49B8E7AC475 SHA-1: 0x76AF2AA940384147BD59C7352B8799824833B074
93	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\macedonian.lng	13,314 bytes	MD5: 0xE19A6B2D9E79AB8C7212AF83FD774E23 SHA-1: 0x9BE835012DB7A5806CE928998AC92D21F638458B
94	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\norwegian.lng	11,594 bytes	MD5: 0x8B4F9F5E6D3AA2F4D6E9CBF7023374CF SHA-1: 0x0DCAD9223C5A742C2857CB9986FE9F4AAFA5E9A0
95	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\polish.lng	11,623 bytes	MD5: 0x562023374444898E7A15ED7EC67D91F9 SHA-1: 0xB72E23BB87E27A326082C7E5D00265106D898677
96	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng	12,245 bytes	MD5: 0xE38BD9DC798F334E3B8DFD87BCB6DE1F SHA-1: 0xE4E2657A3B95EEF5084756DE469B61B0E453B72D
97	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng	12,345 bytes	MD5: 0xA1B0427AA5C4948C78ADEEA054956D76 SHA-1: 0x499B76DEB66661063E3E796B5C9545B642ACBA87
98	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\romanian.lng	12,672 bytes	MD5: 0x95EB1296F765F93236436380592D08A3 SHA-1: 0xD0CF2DDF7208C8FCA37881A055C0F782793D1B96
99	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\russian.lng	11,779 bytes	MD5: 0xED0C7036650233E85CC07A941FFAD463 SHA-1: 0x93EB8D1D59C530AF15BFE21838748B54BAFAB19C
100	%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\serbian.lng	12,114 bytes	MD5: 0xF80F8348557EC28AA7DC3A5C8D7E99A5 SHA-1: 0x95CDD4AB99936FF73A3543F5EC4467E8B38A6D9F

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%CommonAppData%\Malwarebytes
%CommonAppData%\Malwarebytes\Malwarebytes' Anti-Malware
%CommonPrograms%\Malwarebytes' Anti-Malware
%AppData%\Malwarebytes
%AppData%\Malwarebytes\Malwarebytes' Anti-Malware
%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
%ProgramFiles%\Malwarebytes' Anti-Malware
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
mbamgui.exe	%ProgramFiles%\Malwarebytes' Anti-Malware\mbamgui.exe	434,176 bytes
[generic host process]	[generic host process filename]	20,480 bytes
[filename of the sample #1 without extension].tmp	%Temp%\is-PG2S1.tmp\[filename of the sample #1 without extension].tmp	749,568 bytes
mbam.exe	%ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe	1,290,240 bytes
mbam-dor.exe	%ProgramFiles%\malwarebytes' anti-malware\mbam-dor.exe	413,696 bytes
mbamservice.exe	%ProgramFiles%\malwarebytes' anti-malware\mbamservice.exe	212,992 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	81,920 bytes

Notes:

[generic host process filename] is a full path filename of [generic host process].
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\MiscStatus\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\VERSION
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\MBAMShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}\Forward
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}\Forward
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt]

(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID]

(Default) = "MBAMExt.MBAMShlExt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib]

(Default) = "{AFF1A83B-6C83-4342-8E68-1648DE06CB65}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID]

(Default) = "MBAMExt.MBAMShlExt.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32]

(Default) = "%ProgramFiles%\malwarebytes' anti-malware\mbamext.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}]

(Default) = "MBAMShlExt Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib]

(Default) = "{71A2702D-C7D8-11D2-BEF8-525400DFB47A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID]

(Default) = "SSubTimer6.ISubclass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}]

(Default) = "SSubTimer6.ISubclass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib]

(Default) = "{71A2702D-C7D8-11D2-BEF8-525400DFB47A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID]

(Default) = "SSubTimer6.GSubclass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32]

(Default) = "%ProgramFiles%\Malwarebytes' Anti-Malware\ssubtmr6.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}]

(Default) = "SSubTimer6.GSubclass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib]

(Default) = "{71A2702D-C7D8-11D2-BEF8-525400DFB47A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID]

(Default) = "SSubTimer6.CTimer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32]

(Default) = "%ProgramFiles%\Malwarebytes' Anti-Malware\ssubtmr6.dll"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}]

(Default) = "SSubTimer6.CTimer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\VERSION]

(Default) = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\ProgID]

(Default) = "vbAcceleratorSGrid6.cGridCell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}]

(Default) = "vbAcceleratorSGrid6.cGridCell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\MiscStatus\1]

(Default) = "131473"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\VERSION]

(Default) = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\ToolboxBitmap32]

(Default) = "%ProgramFiles%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx, 30000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\ProgID]

(Default) = "vbAcceleratorSGrid6.vbalGrid"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\InprocServer32]

(Default) = "%ProgramFiles%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
ThreadingModel = "Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Control]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}]

(Default) = "vbAccelerator Grid Control"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\VERSION]

(Default) = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\ProgID]

(Default) = "vbAcceleratorSGrid6.cGridSortObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}]

(Default) = "vbAcceleratorSGrid6.cGridSortObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\VERSION]

(Default) = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\ProgID]

(Default) = "vbAcceleratorSGrid6.IGridCellOwnerDraw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}]

(Default) = "vbAcceleratorSGrid6.IGridCellOwnerDraw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\MBAMShlExt]

(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib]

(Default) = "{AFF1A83B-6C83-4342-8E68-1648DE06CB65}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}]

(Default) = "IMBAMShlExt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"
Version = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}]

(Default) = "vbalGrid"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}\Forward]

(Default) = "{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}]

(Default) = "cGridCell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"
Version = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}]

(Default) = "IGridCellOwnerDraw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"
Version = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}]

(Default) = "cGridCell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\TypeLib]

(Default) = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"
Version = "1.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}]

(Default) = "cGridSortObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}\Forward]

(Default) = "{459A91BC-193F-4A70-959C-BFF69D781142}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621}]

(Default) = "IGridCellOwnerDraw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib]

(Default) = "{71A2702D-C7D8-11D2-BEF8-525400DFB47A}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}]

(Default) = "ISubclass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\TypeLib]

(Default) = "{71A2702D-C7D8-11D2-BEF8-525400DFB47A}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}]

(Default) = "GSubclass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27033-C7D8-11D2-BEF8-525400DFB47A}\TypeLib]

(Default) = "{71A2702D-C7D8-11D2-BEF8-525400DFB47A}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27033-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27033-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27033-C7D8-11D2-BEF8-525400DFB47A}]

(Default) = "CTimer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib]

(Default) = "{71A2702D-C7D8-11D2-BEF8-525400DFB47A}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid]

(Default) = "{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}]

(Default) = "CTimer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC39A57D-DF2C-45B4-BFFD-7D55E911C1B2}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

Other details

To mark the presence in the system, the following Mutex object was created:

DBWinMutex

There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the following module:

%System%\MSVBVM60.DLL

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.