Техническая информация
- firefox.exe
- [HKCU\Software\Microsoft\IdentityCRL]
- [HKLM\Software\Microsoft\IdentityCRL]
- [HKLM\Software\Microsoft\Internet Account Manager]
- [HKLM\Software\Microsoft\Windows Mail]
- [HKLM\Software\WOW6432Node\Microsoft\IdentityCRL]
- [HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager]
- [HKLM\Software\WOW6432Node\Microsoft\Windows Mail]
- %LOCALAPPDATA%\google\chrome\user data\default\cookies
- %LOCALAPPDATA%\google\chrome\user data\default\login data
- %LOCALAPPDATA%\google\chrome\user data\default\web data
- %LOCALAPPDATA%\microsoft\edge\user data\default\login data
- %LOCALAPPDATA%\microsoft\edge\user data\default\web data
- %TEMP%\xe9pad5ibco6.exe
- %TEMP%\_mei9042\81d243bd2c585b0f4821__mypyc.cp314-win_amd64.pyd
- %TEMP%\_mei9042\crypto\cipher\_arc4.pyd
- %TEMP%\_mei9042\crypto\cipher\_salsa20.pyd
- %TEMP%\_mei9042\crypto\cipher\_chacha20.pyd
- %TEMP%\_mei9042\crypto\cipher\_pkcs1_decode.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_aes.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_aesni.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_arc2.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_blowfish.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_cast.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_cbc.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_cfb.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_ctr.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_des.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_des3.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_ecb.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_eksblowfish.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_ocb.pyd
- %TEMP%\_mei9042\crypto\cipher\_raw_ofb.pyd
- %TEMP%\_mei9042\crypto\hash\_blake2b.pyd
- %TEMP%\_mei9042\crypto\hash\_blake2s.pyd
- %TEMP%\_mei9042\crypto\hash\_md2.pyd
- %TEMP%\_mei9042\crypto\hash\_md4.pyd
- %TEMP%\_mei9042\crypto\hash\_md5.pyd
- %TEMP%\_mei9042\crypto\hash\_ripemd160.pyd
- %TEMP%\_mei9042\crypto\hash\_sha1.pyd
- %TEMP%\_mei9042\crypto\hash\_sha224.pyd
- %TEMP%\_mei9042\crypto\hash\_sha256.pyd
- %TEMP%\_mei9042\crypto\hash\_sha384.pyd
- %TEMP%\_mei9042\crypto\hash\_sha512.pyd
- %TEMP%\_mei9042\crypto\hash\_ghash_clmul.pyd
- %TEMP%\_mei9042\crypto\hash\_ghash_portable.pyd
- %TEMP%\_mei9042\crypto\hash\_keccak.pyd
- %TEMP%\_mei9042\crypto\hash\_poly1305.pyd
- %TEMP%\_mei9042\crypto\math\_modexp.pyd
- %TEMP%\_mei9042\crypto\protocol\_scrypt.pyd
- %TEMP%\_mei9042\crypto\publickey\_curve25519.pyd
- %TEMP%\_mei9042\crypto\publickey\_curve448.pyd
- %TEMP%\_mei9042\crypto\publickey\_ec_ws.pyd
- %TEMP%\_mei9042\crypto\publickey\_ed25519.pyd
- %TEMP%\_mei9042\crypto\publickey\_ed448.pyd
- %TEMP%\_mei9042\crypto\util\_cpuid_c.pyd
- %TEMP%\_mei9042\crypto\util\_strxor.pyd
- %TEMP%\_mei9042\pyqt6\qt6\bin\msvcp140.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\msvcp140_1.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\msvcp140_2.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\qt6core.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\qt6gui.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\qt6multimedia.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\qt6network.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\qt6pdf.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\qt6svg.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\qt6widgets.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\vcruntime140.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\vcruntime140_1.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\avcodec-61.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\avformat-61.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\avutil-59.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\opengl32sw.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\swresample-5.dll
- %TEMP%\_mei9042\pyqt6\qt6\bin\swscale-8.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\generic\qtuiotouchplugin.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\iconengines\qsvgicon.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qgif.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qicns.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qico.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qjpeg.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qpdf.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qsvg.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qtga.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qtiff.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qwbmp.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\imageformats\qwebp.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\multimedia\ffmpegmediaplugin.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\multimedia\windowsmediaplugin.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\networkinformation\qnetworklistmanager.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\platforms\qminimal.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\platforms\qoffscreen.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\platforms\qwindows.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\styles\qmodernwindowsstyle.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\tls\qcertonlybackend.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\tls\qopensslbackend.dll
- %TEMP%\_mei9042\pyqt6\qt6\plugins\tls\qschannelbackend.dll
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_ar.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_bg.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_ca.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_cs.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_da.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_de.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_en.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_es.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_fa.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_fi.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_fr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_gd.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_gl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_he.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_ar.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_bg.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_ca.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_cs.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_da.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_de.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_en.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_es.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_fr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_gl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_hr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_hu.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_it.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_ja.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_ka.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_ko.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_nl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_nn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_pl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_pt_br.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_ru.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_sk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_sl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_sv.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_tr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_uk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_zh_cn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_help_zh_tw.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_hr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_hu.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_it.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_ja.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_ka.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_ko.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_lg.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_lt.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_lv.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_nl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_nn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_pl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_pt_br.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_pt_pt.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_ru.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_sk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_sl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_sv.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_tr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_uk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_zh_cn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qt_zh_tw.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_ar.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_bg.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_ca.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_cs.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_da.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_de.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_en.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_es.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_fa.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_fi.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_fr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_gd.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_he.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_hr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_hu.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_it.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_ja.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_ka.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_ko.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_lg.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_lv.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_nl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_nn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_pl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_pt_br.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_ru.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_sk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_sv.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_tr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_uk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_zh_cn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtbase_zh_tw.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_ar.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_bg.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_ca.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_cs.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_da.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_de.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_en.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_es.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_fa.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_fi.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_fr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_hr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_hu.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_it.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_ja.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_ka.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_ko.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_nl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_nn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_pl.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_pt_br.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_ru.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_sk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_sv.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_tr.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_uk.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_zh_cn.qm
- %TEMP%\_mei9042\pyqt6\qt6\translations\qtmultimedia_zh_tw.qm
- %TEMP%\_mei9042\pyqt6\qtcore.pyd
- %TEMP%\_mei9042\pyqt6\qtgui.pyd
- %TEMP%\_mei9042\pyqt6\qtmultimedia.pyd
- %TEMP%\_mei9042\pyqt6\qtnetwork.pyd
- %TEMP%\_mei9042\pyqt6\qtwidgets.pyd
- %TEMP%\_mei9042\pyqt6\sip.cp314-win_amd64.pyd
- %TEMP%\_mei9042\vcruntime140.dll
- %TEMP%\_mei9042\vcruntime140_1.dll
- %TEMP%\_mei9042\_asyncio.pyd
- %TEMP%\_mei9042\_bz2.pyd
- %TEMP%\_mei9042\_cffi_backend.cp314-win_amd64.pyd
- %TEMP%\_mei9042\_ctypes.pyd
- %TEMP%\_mei9042\_decimal.pyd
- %TEMP%\_mei9042\_hashlib.pyd
- %TEMP%\_mei9042\_lzma.pyd
- %TEMP%\_mei9042\_multiprocessing.pyd
- %TEMP%\_mei9042\_overlapped.pyd
- %TEMP%\_mei9042\_queue.pyd
- %TEMP%\_mei9042\_socket.pyd
- %TEMP%\_mei9042\_sqlite3.pyd
- %TEMP%\_mei9042\_ssl.pyd
- %TEMP%\_mei9042\_uuid.pyd
- %TEMP%\_mei9042\_wmi.pyd
- %TEMP%\_mei9042\_zstd.pyd
- %TEMP%\_mei9042\base_library.zip
- %TEMP%\_mei9042\certifi\cacert.pem
- %TEMP%\_mei9042\charset_normalizer\cd.cp314-win_amd64.pyd
- %TEMP%\_mei9042\charset_normalizer\md.cp314-win_amd64.pyd
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\installer
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\metadata
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\record
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\wheel
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\licenses\license
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\licenses\license.apache
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\licenses\license.bsd
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\sboms\cryptography-rust.cyclonedx.json
- %TEMP%\_mei9042\cryptography-49.0.0.dist-info\sboms\sbom.json
- %TEMP%\_mei9042\cryptography\hazmat\bindings\_rust.pyd
- %TEMP%\_mei9042\libcrypto-3.dll
- %TEMP%\_mei9042\libffi-8.dll
- %TEMP%\_mei9042\libssl-3.dll
- %TEMP%\_mei9042\pyexpat.pyd
- %TEMP%\_mei9042\python3.dll
- %TEMP%\_mei9042\python314.dll
- %TEMP%\_mei9042\pythonwin\win32ui.pyd
- %TEMP%\_mei9042\pywin32_system32\pythoncom314.dll
- %TEMP%\_mei9042\pywin32_system32\pywintypes314.dll
- %TEMP%\_mei9042\select.pyd
- %TEMP%\_mei9042\setuptools\_vendor\importlib_metadata-8.7.1.dist-info\installer
- %TEMP%\_mei9042\setuptools\_vendor\importlib_metadata-8.7.1.dist-info\metadata
- %TEMP%\_mei9042\setuptools\_vendor\importlib_metadata-8.7.1.dist-info\record
- %TEMP%\_mei9042\setuptools\_vendor\importlib_metadata-8.7.1.dist-info\wheel
- %TEMP%\_mei9042\setuptools\_vendor\importlib_metadata-8.7.1.dist-info\licenses\license
- %TEMP%\_mei9042\setuptools\_vendor\importlib_metadata-8.7.1.dist-info\top_level.txt
- %TEMP%\_mei9042\setuptools\_vendor\jaraco\text\lorem ipsum.txt
- %TEMP%\_mei9042\sqlite3.dll
- %TEMP%\_mei9042\unicodedata.pyd
- %TEMP%\_mei9042\win32\_win32sysloader.pyd
- %TEMP%\_mei9042\win32\win32api.pyd
- %TEMP%\_mei9042\win32\win32crypt.pyd
- %TEMP%\_mei9042\win32\win32event.pyd
- %TEMP%\_mei9042\win32\win32trace.pyd
- %TEMP%\_mei9042\win32com\propsys\propsys.pyd
- %TEMP%\_mei9042\winsound.pyd
- %TEMP%\ul0694xa
- %TEMP%\mooncloud\icon.ico
- %APPDATA%\microsoft\windows\start menu\programs\mooncloud.lnk
- %TEMP%\mooncloud_sounds\connect.wav
- %TEMP%\mooncloud_sounds\disconnect.wav
- %TEMP%\mooncloud_sounds\notify.wav
- %TEMP%\_a083dfa7c5
- %TEMP%\_c4f832efe2
- %TEMP%\_7de4893b68
- %TEMP%\_802475413f
- %TEMP%\_bb06ec7a1f
- %TEMP%\_f3fd19f038
- %TEMP%\_3979f37ec4
- %TEMP%\_ada26b3ab3
- %TEMP%\_fec796d94e
- %TEMP%\_2edaa2d4d1
- %TEMP%\_6227d16ede
- %TEMP%\_36a5850c91
- %TEMP%\_99218f8028
- %TEMP%\_a91dc5e68d
- %TEMP%\_cab1b0ae1f
- %TEMP%\_9b0047d1a1
- %TEMP%\_a84f5b89d4
- %TEMP%\_38fdea3bce
- %TEMP%\_38fdea3bce-shm
- %TEMP%\ \system\system info.txt
- %TEMP%\ \system\mac addresses.txt
- %TEMP%\ \system\antivirus.txt
- %TEMP%\ \system\task list.txt
- %TEMP%\xe9pad5ibco6.exe
- %TEMP%\ul0694xa
- %TEMP%\_a083dfa7c5
- %TEMP%\_c4f832efe2
- %TEMP%\_7de4893b68
- %TEMP%\_802475413f
- %TEMP%\_bb06ec7a1f
- %TEMP%\_f3fd19f038
- %TEMP%\_3979f37ec4
- %TEMP%\_ada26b3ab3
- %TEMP%\_fec796d94e
- %TEMP%\_2edaa2d4d1
- %TEMP%\_6227d16ede
- %TEMP%\_36a5850c91
- %TEMP%\_99218f8028
- %TEMP%\_a91dc5e68d
- %TEMP%\_cab1b0ae1f
- %TEMP%\_9b0047d1a1
- %TEMP%\_a84f5b89d4
- %TEMP%\_38fdea3bce-shm
- %TEMP%\_38fdea3bce
- '%TEMP%\xe9pad5ibco6.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -Command " $lnk = '%APPDATA%\Microsoft\Windows\Start Menu\Programs\MoonCloud.lnk' $ws = New-Object -ComObject WScript.Shell $s = $ws.CreateShortcut($lnk) $s.T...
- '<SYSTEM32>\cmd.exe' /c "wmic computersystem get model" (со скрытым окном)
- '<SYSTEM32>\wbem\wmic.exe' computersystem get model
- '<SYSTEM32>\cmd.exe' /c "wmic path win32_shortcutfile where name="C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Telegram Desktop\\Telegram.lnk" get target /value" (со скрытым окном)
- '<SYSTEM32>\wbem\wmic.exe' path win32_shortcutfile where name="C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Telegram Desktop\\Telegram.lnk" get target /value
- '<SYSTEM32>\cmd.exe' /c "netsh wlan show profile" (со скрытым окном)
- '<SYSTEM32>\netsh.exe' wlan show profile
- '<SYSTEM32>\cmd.exe' /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY" (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
- '<SYSTEM32>\cmd.exe' /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY" (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
- '<SYSTEM32>\cmd.exe' /c "wmic path win32_shortcutfile where name="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Steam\\Steam.lnk" get target /value" (со скрытым окном)
- '<SYSTEM32>\wbem\wmic.exe' path win32_shortcutfile where name="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Steam\\Steam.lnk" get target /value
- '<SYSTEM32>\cmd.exe' /c "systeminfo" (со скрытым окном)
- '<SYSTEM32>\systeminfo.exe'
- '<SYSTEM32>\cmd.exe' /c "getmac" (со скрытым окном)
- '<SYSTEM32>\getmac.exe'
- '<SYSTEM32>\cmd.exe' /c "powershell Get-Clipboard" (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-Clipboard
- '<SYSTEM32>\cmd.exe' /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName" (со скрытым окном)
- '<SYSTEM32>\wbem\wmic.exe' /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
- '<SYSTEM32>\cmd.exe' /c "tasklist /FO LIST" (со скрытым окном)
- '<SYSTEM32>\tasklist.exe' /FO LIST
- '<SYSTEM32>\cmd.exe' /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbAB... (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC...
- '%TEMP%\xe9pad5ibco6.exe' (со скрытым окном)