Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\windowsapps\appleinc.itunes_12126.1.57048.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe Script: Quarantine, Delete, Delete via BC, Terminate	15276	MobileDeviceProcess	© 2022 Apple Inc. All rights reserved.	165ED00086283B2B0D33E7051CADC1B7	100.84 kb, rsAh,created: 25.10.2022 13:21:48,modified: 25.10.2022 13:22:15 Command line:
c:\users\labma\appdata\local\temp\iylbkybw.ytn\getsysteminfodllcache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	5772			343ED2D3905CA0C82A4E85217B4033FB	8924.64 kb, rsAh,created: 06.11.2022 21:16:28,modified: 18.10.2022 01:38:44 Command line: "C:\Users\labma\AppData\Local\Temp\iylbkybw.ytn\GetSystemInfoDllCache\avz\avz.exe" SpoolLog="C:\Users\labma\AppData\Local\Temp\iylbkybw.ytn\GetSystemInfo\avz.log" TempFolder="C:\Users\labma\AppData\Local\Temp\iylbkybw.ytn\GetSystemInfo\AvzTemp"
c:\windows\syswow64\backgroundtaskhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	19732	Background Task Host	© Microsoft Corporation. All rights reserved.	F290D12F0351B56708B3DF1EC26CB45B	17.31 kb, rsAh,created: 21.03.2022 21:01:23,modified: 21.03.2022 21:01:23 Command line: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:Spotify.AppXt469n91rqc91c7c1tk8hgxpvb3sxp03a.mca
c:\program files\bitdefender\bitdefender security\bdagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	11612	Bitdefender agent	©1997-2022 Bitdefender	65154485AF4F058286E776C90BFC9796	966.02 kb, rsAh,created: 29.07.2022 17:23:14,modified: 04.10.2022 05:59:16 Command line:
c:\program files\bitdefender\bitdefender security\bdntwrk.exe Script: Quarantine, Delete, Delete via BC, Terminate	4912	Bitdefender Network OS Helper Process	©1997-2022 Bitdefender	D943083347399DBE020B9E23EC455457	830.52 kb, rsAh,created: 29.07.2022 17:23:15,modified: 04.10.2022 05:59:17 Command line:
c:\program files\bitdefender agent\redline\bdredline.exe Script: Quarantine, Delete, Delete via BC, Terminate	16144	Bitdefender redline update	©1997-2018 Bitdefender	B7FBABD24384C5647B925744F41DBFD0	2397.10 kb, rsAh,created: 29.07.2022 15:09:52,modified: 10.02.2022 13:17:34 Command line: "C:\Program Files\Bitdefender Agent\redline\bdredline.exe"
c:\program files\common files\bitdefender\setupinformation\bitdefender redline\bdredline.exe Script: Quarantine, Delete, Delete via BC, Terminate	18340	Bitdefender redline update	©1997-2018 Bitdefender	105FFDE9A2B88CD22B1CCF0B78F3E3E8	2925.58 kb, rsAh,created: 29.07.2022 17:23:30,modified: 28.01.2022 08:48:53 Command line:
c:\program files\bitdefender\bitdefender security\bdservicehost.exe Script: Quarantine, Delete, Delete via BC, Terminate	2660	bdservicehost	©1997-2022 Bitdefender	731269538E4C7CA9B56662AF026D02E7	802.52 kb, rsAh,created: 29.07.2022 17:23:15,modified: 04.10.2022 05:59:17 Command line:
c:\program files\bitdefender\bitdefender security\bdservicehost.exe Script: Quarantine, Delete, Delete via BC, Terminate	2028	bdservicehost	©1997-2022 Bitdefender	731269538E4C7CA9B56662AF026D02E7	802.52 kb, rsAh,created: 29.07.2022 17:23:15,modified: 04.10.2022 05:59:17 Command line:
c:\program files\bitdefender\bitdefender security\bdtrackersnmh.exe Script: Quarantine, Delete, Delete via BC, Terminate	14828	trackers blocker host	©1997-2022 Bitdefender	5BB8CE58AF335A1AC210E4EF6DF6402B	122.02 kb, rsAh,created: 29.07.2022 17:23:15,modified: 04.10.2022 05:59:17 Command line:
c:\program files\bitdefender\bitdefender vpn\bdvpnapp.exe Script: Quarantine, Delete, Delete via BC, Terminate	12140	Bitdefender Vpn App	©1997-2022 Bitdefender	BE4BED160D2C857DF8B0E1F0AE55D94A	483.05 kb, rsAh,created: 24.10.2022 13:39:30,modified: 17.08.2022 00:50:25 Command line:
c:\program files\bitdefender\bitdefender vpn\bdvpnservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2668	Bitdefender Vpn Service	©1997-2022 Bitdefender	FB08EDD7AA88ABFFCB9A3090ECC43F3C	442.55 kb, rsAh,created: 24.10.2022 13:39:30,modified: 17.08.2022 00:50:54 Command line:
c:\program files\bitdefender\bitdefender security\bdwtxag.exe Script: Quarantine, Delete, Delete via BC, Terminate	13752	Bitdefender Wallet Agent	©1997-2022 Bitdefender	AA44095F2B8A4F62D44671586C3C53E5	2034.02 kb, rsAh,created: 29.07.2022 17:23:15,modified: 04.10.2022 05:59:18 Command line:
c:\program files\windowsapps\robloxcorporation.roblox_2.551.575.0_x86__55nm5eh3cm0pr\assets\crashhandler.exe Script: Quarantine, Delete, Delete via BC, Terminate	10748			2470505C42C4CCE6FFB7BBA6A24527D2	4069.50 kb, rsAh,created: 12.08.2022 05:28:09,modified: 12.08.2022 05:28:12 Command line: "C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.551.575.0_x86__55nm5eh3cm0pr/Assets/CrashHandler.exe" --crashHandler --baseUrl https://www.roblox.com/ --crashCounter UWP-ROBLOXPlayer-Crash --no-rate-limit --attachment=attachment_2.551.0.575_20221107T025741Z_Player_EFE79_last.log=C:\Users\labma\AppData\Local\Packages\ROBLOXCORPORATION.ROBLOX_55nm5eh3cm0pr\LocalState\logs\2.551.0.575_20221107T025741Z_Player_EFE79_last.log --database=C:\Users\labma\AppData\Local\Packages\ROBLOXCORPORATION.ROBLOX_55nm5eh3cm0pr\LocalState\logs\crashes --metrics-dir=C:\Users\labma\AppData\Local\Packages\ROBLOXCORPORATION.ROBLOX_55nm5eh3cm0pr\LocalState\logs\crashes --url=https://upload.crashes.rbxinfra.com/post?format=minidump --initial-client-data=0xd7c,0xd84,0xd88,0xd08,0xd8c,0x2e0a9f4,0x2e0aa04,0x2e0aa14
c:\users\labma\appdata\local\medal\recorder-3.580.0\dlls\crashpad_handler.exe Script: Quarantine, Delete, Delete via BC, Terminate	13268			1C5A6E6FFDA94882EB2DB1A8B91DEE33	1379.50 kb, rsAh,created: 02.11.2022 21:34:43,modified: 02.11.2022 21:34:43 Command line:
c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	12616	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 21.10.2022 16:31:32,modified: 21.10.2022 16:31:32 Command line: "C:\Users\labma\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,2958870591977142523,9213100903305399212,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:8
c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	12688	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 21.10.2022 16:31:32,modified: 21.10.2022 16:31:32 Command line: "C:\Users\labma\AppData\Local\Discord\app-1.0.9007\Discord.exe"
c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	13308	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 21.10.2022 16:31:32,modified: 21.10.2022 16:31:32 Command line: C:\Users\labma\AppData\Local\Discord\app-1.0.9007\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\labma\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\labma\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9007 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x494,0x498,0x49c,0x490,0x4a0,0x7753850,0x7753860,0x775386c
c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	3344	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 21.10.2022 16:31:32,modified: 21.10.2022 16:31:32 Command line: "C:\Users\labma\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=gpu-process --field-trial-handle=1592,2958870591977142523,9213100903305399212,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2
c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	5916	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 21.10.2022 16:31:32,modified: 21.10.2022 16:31:32 Command line: "C:\Users\labma\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1592,2958870591977142523,9213100903305399212,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1676 /prefetch:8
c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	13892	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 21.10.2022 16:31:32,modified: 21.10.2022 16:31:32 Command line: "C:\Users\labma\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1592,2958870591977142523,9213100903305399212,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\labma\AppData\Local\Discord\app-1.0.9007\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1 --enable-node-leakage-in-renderers
c:\program files\bitdefender agent\26.0.1.233\discoverysrv.exe Script: Quarantine, Delete, Delete via BC, Terminate	9012	DiscoverySrv	©1997-2022 Bitdefender	5A6309CA5944ED6B972F1B90F47873CE	767.58 kb, rsAh,created: 03.11.2022 14:05:18,modified: 25.07.2022 12:57:51 Command line: "C:\Program Files\Bitdefender Agent\26.0.1.233\DiscoverySrv.exe"
c:\program files (x86)\microsoft gameinput\x64\gameinputsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	5284	GameInput Host Service	© Microsoft Corporation. All rights reserved.	AA8F018827975A162DCABF72AEEA438D	89.45 kb, rsAh,created: 12.10.2022 03:39:54,modified: 12.10.2022 03:39:54 Command line:
c:\program files (x86)\microsoft gameinput\x64\gameinputsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	5148	GameInput Host Service	© Microsoft Corporation. All rights reserved.	AA8F018827975A162DCABF72AEEA438D	89.45 kb, rsAh,created: 12.10.2022 03:39:54,modified: 12.10.2022 03:39:54 Command line:
c:\program files\windowsapps\microsoft.gamingservices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservices.exe Script: Quarantine, Delete, Delete via BC, Terminate	7312	GamingServices	© Microsoft Corporation. All rights reserved.	1E64ECF8B23CE5DF3ADBFD635C58119E	73.47 kb, rsAh,created: 26.10.2022 12:23:29,modified: 26.10.2022 12:23:35 Command line:
c:\program files\windowsapps\microsoft.gamingservices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe Script: Quarantine, Delete, Delete via BC, Terminate	7300	GamingServices	© Microsoft Corporation. All rights reserved.	1E64ECF8B23CE5DF3ADBFD635C58119E	73.47 kb, rsAh,created: 26.10.2022 12:23:29,modified: 26.10.2022 12:23:35 Command line:
c:\program files (x86)\google\update\1.3.36.152\googlecrashhandler.exe Script: Quarantine, Delete, Delete via BC, Terminate	7604	Google Crash Handler	Copyright 2018 Google LLC	381C22092074255A291F4C9946A5C28F	302.46 kb, rsAh,created: 29.08.2022 11:48:23,modified: 29.08.2022 11:48:17 Command line: "C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe"
c:\users\labma\downloads\gsi-6.2.2.33.exe Script: Quarantine, Delete, Delete via BC, Terminate	18548	Kaspersky Get System Info	© 2018 AO Kaspersky Lab. All Rights Reserved.	B9B243ADCA79925A5C471B2FE27EA660	13408.27 kb, rsAh,created: 06.11.2022 21:09:28,modified: 06.11.2022 21:11:37 Command line: "C:\Users\labma\Downloads\GSI-6.2.2.33.exe"
c:\users\labma\appdata\local\temp\xeb8.0\gsi.exe Script: Quarantine, Delete, Delete via BC, Terminate	17816	Kaspersky Get System Info	2018 AO Kaspersky Lab. All Rights Reserved.	F4811C1F71D77F793FB07AFD32DA53A5	1328.77 kb, rsAh,created: 06.11.2022 21:14:09,modified: 18.10.2022 01:39:23 Command line: "C:\Users\labma\AppData\Local\Temp\xeb8.0\GSI.exe"
c:\program files (x86)\gyazo\gystation.exe Script: Quarantine, Delete, Delete via BC, Terminate	1116	GyStation	Copyright © 2018 Gyazo Team at Nota Inc.	82E10715DF567BC03F33BE07331C78A8	919.35 kb, rsAh,created: 04.08.2022 22:22:26,modified: 11.10.2022 04:59:36 Command line: "C:\Program Files (x86)\Gyazo\GyStation.exe"
c:\program files (x86)\common files\java\java update\jucheck.exe Script: Quarantine, Delete, Delete via BC, Terminate	4524	Java Update Checker	Copyright © 2022	461E52311CB85C977235DEEEC03B5C2D	1135.66 kb, rsAh,created: 16.06.2022 15:56:54,modified: 16.06.2022 15:56:54 Command line: "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
c:\program files (x86)\common files\java\java update\jusched.exe Script: Quarantine, Delete, Delete via BC, Terminate	16044	Java Update Scheduler	Copyright © 2022	1C522F25649BD39EE7CB1C82142F431E	694.66 kb, rsAh,created: 16.06.2022 15:57:12,modified: 16.06.2022 15:57:12 Command line: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
c:\program files (x86)\skillbrains\lightshot\5.5.0.7\lightshot.exe Script: Quarantine, Delete, Delete via BC, Terminate	15992	Lightshot	Copyright (C) 2009-2019	1E1C83B9680029AD4A9F8D3B3AC93197	487.91 kb, rsAh,created: 29.07.2022 18:30:20,modified: 21.07.2019 22:21:52 Command line: "C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	5024	Medal	Copyright 2020 Medal B.V.. All rights reserved.	737590E114425C10D6E1B7C354B58BF0	128158.42 kb, rsAh,created: 01.08.2022 00:11:34,modified: 01.08.2022 00:11:37 Command line:
c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	17252	Medal	Copyright 2020 Medal B.V.. All rights reserved.	737590E114425C10D6E1B7C354B58BF0	128158.42 kb, rsAh,created: 01.08.2022 00:11:34,modified: 01.08.2022 00:11:37 Command line:
c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	13300	Medal	Copyright 2020 Medal B.V.. All rights reserved.	737590E114425C10D6E1B7C354B58BF0	128158.42 kb, rsAh,created: 01.08.2022 00:11:34,modified: 01.08.2022 00:11:37 Command line:
c:\users\labma\appdata\local\medal\app-4.1687.0\resources\app\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	17056	MedalLauncher	Copyright © 2021	9CB06336066D3E84D8412E10505BFF12	162.88 kb, rsAh,created: 01.08.2022 00:11:37,modified: 02.11.2022 21:21:07 Command line:
c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	13720	Medal	Copyright 2020 Medal B.V.. All rights reserved.	737590E114425C10D6E1B7C354B58BF0	128158.42 kb, rsAh,created: 01.08.2022 00:11:34,modified: 01.08.2022 00:11:37 Command line:
c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	14232	Medal	Copyright 2020 Medal B.V.. All rights reserved.	737590E114425C10D6E1B7C354B58BF0	128158.42 kb, rsAh,created: 01.08.2022 00:11:34,modified: 01.08.2022 00:11:37 Command line:
c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	12648	Medal	Copyright 2020 Medal B.V.. All rights reserved.	737590E114425C10D6E1B7C354B58BF0	128158.42 kb, rsAh,created: 01.08.2022 00:11:34,modified: 01.08.2022 00:11:37 Command line:
c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe Script: Quarantine, Delete, Delete via BC, Terminate	1392	Medal	Copyright 2020 Medal B.V.. All rights reserved.	737590E114425C10D6E1B7C354B58BF0	128158.42 kb, rsAh,created: 01.08.2022 00:11:34,modified: 01.08.2022 00:11:37 Command line:
c:\users\labma\appdata\local\medal\recorder-3.580.0\medalencoder.exe Script: Quarantine, Delete, Delete via BC, Terminate	16436	MedalEncoder	Copyright © 2018	22C0DB2E1642C4DD111AD43FBB6B6C23	908.88 kb, rsAh,created: 02.11.2022 21:34:52,modified: 02.11.2022 21:34:52 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	8964	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	10676	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	18244	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	16956	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	13152	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	17232	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	4404	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	15672	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	9176	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	13588	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	15284	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14356	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14524	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14544	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	19200	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	4112	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	1632	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14708	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	8148	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	11764	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	16052	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	16460	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	17708	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	1636	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14260	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	10848	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	17532	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	5652	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	17284	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	8344	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	40B54683E273830B71D8244A0AEB314E	3800.41 kb, rsAh,created: 05.08.2021 16:41:46,modified: 03.11.2022 01:00:42 Command line:
c:\users\labma\appdata\local\microsoft\onedrive\onedrive.exe Script: Quarantine, Delete, Delete via BC, Terminate	11728	Microsoft OneDrive	© Microsoft Corporation. All rights reserved.	503D1C7FD8206FE6D7D4DC00C2E1F2FC	2568.38 kb, rsAh,created: 29.07.2022 15:01:01,modified: 02.11.2022 14:38:35 Command line:
c:\program files\windowsapps\microsoft.yourphone_1.22082.119.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe Script: Quarantine, Delete, Delete via BC, Terminate	3448	PhoneExperienceHost	© Microsoft Corporation. All rights reserved.	7C83E63F161250CB777A06E6C63B83A1	484.94 kb, rsAh,created: 22.10.2022 11:27:48,modified: 22.10.2022 11:27:56 Command line:
c:\program files\bitdefender agent\productagentservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	5316	Bitdefender Agent	©1997-2022 Bitdefender	7F5C6DCAEAC3D6A3D77E4ED88B31BCAB	770.58 kb, rsAh,created: 29.07.2022 15:09:52,modified: 25.07.2022 12:58:14 Command line: "C:\Program Files\Bitdefender Agent\ProductAgentService.exe"
Registry.exe Script: Quarantine, Delete, Delete via BC, Terminate	108			X	error getting file info Command line:
c:\users\labma\appdata\local\roblox\versions\version-717cf6a6f7614f44\robloxplayerbeta.exe Script: Quarantine, Delete, Delete via BC, Terminate	12924	Roblox Game Client	Copyright В© 2020 Roblox Corporation. All rights reserved.	7809FE3C1F3DBC4643FD9DB023527739	56499.32 kb, rsAh,created: 02.11.2022 19:24:51,modified: 02.11.2022 19:24:51 Command line:
c:\users\labma\appdata\local\roblox\versions\version-717cf6a6f7614f44\robloxplayerbeta.exe Script: Quarantine, Delete, Delete via BC, Terminate	3132	Roblox Game Client	Copyright В© 2020 Roblox Corporation. All rights reserved.	7809FE3C1F3DBC4643FD9DB023527739	56499.32 kb, rsAh,created: 02.11.2022 19:24:51,modified: 02.11.2022 19:24:51 Command line: "C:\Users\labma\AppData\Local\Roblox\Versions\version-717cf6a6f7614f44\RobloxPlayerBeta.exe" --app -t ZZ1tyBR-b1dlTcxZIeOOBK0oHpevDR4oyAakbcjO7ka-hRS9CASpmXerC2OxG1PXlEb6cu3wmdVAwMcnC-n2bpHWfyhrjyY1i_QB8hIBNwujfHazXb3hlYfEdhzDvVEpSHD_OO_r3HV_s5p8TU4gvLoQUE6COH9lEcuA2xGVI8NFCIOMH6ngrGBSfa-r12BwfPAIWCY66CdMR7YZM5ToWK_rn-msI8VfGnHTkO5Yv_Y -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=142540613725&placeId=11425849726&isPlayTogetherGame=false -b 142540613725 --launchtime=1667791025387 --rloc en_us --gloc en_us
c:\users\labma\appdata\local\roblox\versions\version-7416e8c9782b442c\robloxstudiobeta.exe Script: Quarantine, Delete, Delete via BC, Terminate	12700	RobloxStudio	Copyright © 2022 Roblox Corporation	783472D92DA221D52F33B59CA76230BD	93168.32 kb, rsAh,created: 02.11.2022 19:39:08,modified: 02.11.2022 19:39:08 Command line:
c:\program files (x86)\steam\steam.exe Script: Quarantine, Delete, Delete via BC, Terminate	15196	Steam	Copyright (C) 2021 Valve Corporation	DD46ADA38C76294D5AEE1350C3A3E083	4134.85 kb, rsAh,created: 21.03.2022 20:23:12,modified: 18.10.2022 20:02:56 Command line: "C:\Program Files (x86)\Steam\steam.exe"
c:\program files (x86)\common files\steam\steamservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	11656	Steam Client Service	Copyright (C) Valve Corporation	D9DB13AA75E3B8753C9CD59D2708E3FB	2600.85 kb, rsAh,created: 29.07.2022 17:39:31,modified: 18.10.2022 20:02:58 Command line: "C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /RunAsService
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	16356	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	12948	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	1096	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	14128	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	13128	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	10436	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	4584	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	13996	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	448BF33ABB749A8A866F950088A0AC60	6181.85 kb, rsAh,created: 29.07.2022 17:42:26,modified: 18.10.2022 20:03:02 Command line:
c:\program files\bitdefender\bitdefender security\updatesrv.exe Script: Quarantine, Delete, Delete via BC, Terminate	5436	Bitdefender Update Service	©1997-2022 Bitdefender	D89632F61DA8E2C1A23568446DDE1DA4	273.52 kb, rsAh,created: 29.07.2022 17:23:20,modified: 23.09.2022 02:40:37 Command line:
c:\program files\riot vanguard\vgtray.exe Script: Quarantine, Delete, Delete via BC, Terminate	9924	Vanguard tray notification.	Copyright (C) 2021	B8221DBFDC4AA38D486FF5CC0283507D	2999.21 kb, rsAh,created: 01.08.2022 23:39:44,modified: 30.08.2022 15:47:01 Command line:
c:\program files\windowsapps\microsoft.zunevideo_10.22091.10031.0_x64__8wekyb3d8bbwe\video.ui.exe Script: Quarantine, Delete, Delete via BC, Terminate	19296			A3BC40670B7DBD5FEC98C1059F86C588	21067.00 kb, rsAh,created: 04.11.2022 20:42:04,modified: 04.11.2022 20:42:14 Command line:
c:\program files\windowsapps\robloxcorporation.roblox_2.551.575.0_x86__55nm5eh3cm0pr\windows10universal.exe Script: Quarantine, Delete, Delete via BC, Terminate	16376			37E423F6AD24B0D38A5F63D3907EDCA2	40329.00 kb, rsAh,created: 04.11.2022 20:42:44,modified: 04.11.2022 20:42:59 Command line: "C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.551.575.0_x86__55nm5eh3cm0pr\Windows10Universal.exe" -ServerName:App.AppXjvahaah470yzp8wv4g3jj5h3esn93bz5.mca
c:\program files\windowsapps\spotifyab.spotifymusic_1.197.962.0_x86__zpdnekdrzrea0\xboxgamebarspotify.exe Script: Quarantine, Delete, Delete via BC, Terminate	11224			5B04F3907A990AE2F82D399D3C7AC018	1162.00 kb, rsAh,created: 26.10.2022 14:00:19,modified: 26.10.2022 14:01:58 Command line: "C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\XboxGameBarSpotify.exe" -ServerName:Widget.AppXcq6m83pcstjyfwwpn2knfgeh8hb23cne.mca
Detected:254, recognized as trusted 164

Module name	Handle	Description	Copyright	Information	Used by processes
C:\Program Files (x86)\Common Files\Steam\SteamService.dll Script: Quarantine, Delete, Delete via BC	1822490624	Steam Client Service Library	Copyright (C) Valve Corporation	MD5=02BF10D168A1E8F2781FCF703BA74D39 3260.35 kb, rsAh, created: 29.07.2022 17:42:57, modified: 18.10.2022 20:02:58	11656
C:\Program Files (x86)\Steam\bin\chromehtml.DLL Script: Quarantine, Delete, Delete via BC	1827274752			MD5=8444CA1B3188E367CE8F4B4D6634EECB 1252.35 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:02:58	15196
C:\Program Files (x86)\Steam\bin\filesystem_stdio.DLL Script: Quarantine, Delete, Delete via BC	1835925504	FileSystem_Stdio.dll	Copyright (C) 2005 Valve Corporation	MD5=AB60DC2E8E1C5468163241B126B60894 191.85 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:02:58	15196
c:\program files (x86)\steam\bin\friendsui.DLL Script: Quarantine, Delete, Delete via BC	1810956288	Steam Friends UI	Copyright (C) 2005 Valve Corporation	MD5=C09B1970D1C97665BB75514F083DE221 5051.85 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:02:58	15196
c:\program files (x86)\steam\bin\serverbrowser.DLL Script: Quarantine, Delete, Delete via BC	1808793600	Steam Server Browser Library	Copyright (C) 2008 Valve Corporation	MD5=7AD156E40CA88774949B6BDBC80869AC 2058.35 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:02:58	15196
C:\Program Files (x86)\Steam\bin\vgui2_s.DLL Script: Quarantine, Delete, Delete via BC	1835008000	vgui2_s.dll	Copyright (C) 2007 Valve Corporation	MD5=61A09CE95000F6B992BF72818D6465E5 817.35 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:02:58	15196
C:\Program Files (x86)\Steam\crashhandler.dll Script: Quarantine, Delete, Delete via BC	1937113088	Steam Crash Handler Library	Copyright (C) 2010	MD5=B36A2D016DCE351905CCE8C7AD5B5B38 368.35 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:02:58	15196
C:\Program Files (x86)\Steam\libavcodec-58.dll Script: Quarantine, Delete, Delete via BC	1843200000			MD5=37ED5037B4CEF56BB5697DD575F3E62E 4314.39 kb, rsAh, created: 29.07.2022 17:42:19, modified: 18.07.2022 10:52:18	15196
C:\Program Files (x86)\Steam\libavformat-58.dll Script: Quarantine, Delete, Delete via BC	1841889280			MD5=956B17A1E7508007823DE8970CBCAACF 1215.89 kb, rsAh, created: 29.07.2022 17:42:19, modified: 18.07.2022 10:52:18	15196
C:\Program Files (x86)\Steam\libavresample-4.dll Script: Quarantine, Delete, Delete via BC	1841233920			MD5=1ADC683960FE451F144FC016AB2868D4 578.39 kb, rsAh, created: 29.07.2022 17:42:19, modified: 18.07.2022 10:52:18	15196
C:\Program Files (x86)\Steam\libavutil-56.dll Script: Quarantine, Delete, Delete via BC	1837301760			MD5=8073FCC89965725B55D8326F509CCC4A 1263.89 kb, rsAh, created: 29.07.2022 17:42:19, modified: 18.07.2022 10:52:18	15196
C:\Program Files (x86)\Steam\libswscale-5.dll Script: Quarantine, Delete, Delete via BC	1836187648			MD5=5D713A62B0940905DD2CA1785FD86FA4 1020.39 kb, rsAh, created: 29.07.2022 17:42:19, modified: 18.07.2022 10:52:18	15196
C:\Program Files (x86)\Steam\SDL2.dll Script: Quarantine, Delete, Delete via BC	1863516160	SDL	Copyright (C) 2022 Sam Lantinga	MD5=0D4395FA52A4ACECC6ECDD841A05CF9E 1221.85 kb, rsAh, created: 29.07.2022 17:42:29, modified: 28.09.2022 12:43:48	15196
C:\Program Files (x86)\Steam\steamclient.dll Script: Quarantine, Delete, Delete via BC	1508048896	Steamclient.dll	Copyright (C) 2005 Valve Corporation	MD5=DE45040889D5B1B417D4F753DFA8E8EA 18357.35 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:03:00	15196
C:\Program Files (x86)\Steam\steamui.dll Script: Quarantine, Delete, Delete via BC	1864826880	SteamUI Dynamic Link Library	Copyright (C) 2007	MD5=BEFBAAEC4C037DF551F4D23A2B2E1B58 13124.85 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:02:58	15196
C:\Program Files (x86)\Steam\tier0_s.dll Script: Quarantine, Delete, Delete via BC	1862860800	tier0_s Dynamic Link Library	Copyright (C) 2007	MD5=BDD59E9EF22C597DB2493DCB3A7738F1 336.85 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:03:00	15196
C:\Program Files (x86)\Steam\video.dll Script: Quarantine, Delete, Delete via BC	1853685760			MD5=D8667F57FE9898AD137E337896E7CF2C 3609.85 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:03:00	15196
C:\Program Files (x86)\Steam\vstdlib_s.dll Script: Quarantine, Delete, Delete via BC	1853227008	vstdlib_ s.dll	Copyright (C) 2005 Valve Corporation	MD5=3A50AE1B6CBEC625F79DF2FF682271F5 383.85 kb, rsAh, created: 29.07.2022 17:42:29, modified: 18.10.2022 20:03:00	15196
C:\Program Files\Bitdefender Agent\26.0.1.233\bdch.dll Script: Quarantine, Delete, Delete via BC	1955659776	BitDefender Crash Handler	@ Bitdefender	MD5=D062DAF0DA2E141053C5C5F0CC9FC1E4 2062.65 kb, rsAh, created: 03.11.2022 14:05:18, modified: 29.03.2022 16:54:27	5316
C:\Program Files\Bitdefender Agent\26.0.1.233\bdec.dll Script: Quarantine, Delete, Delete via BC	1952055296	Event Correlation	@ Bitdefender	MD5=4BE5B63287D3D3FBE1837489FED514DC 500.66 kb, rsAh, created: 03.11.2022 14:05:18, modified: 30.03.2022 18:19:19	5316
C:\Program Files\Bitdefender Agent\26.0.1.233\bdnc.dll Script: Quarantine, Delete, Delete via BC	1948975104	Bitdefender Nimbus Client	Copyright© Bitdefender	MD5=9D7F2464BD24E7A3485E5B52F34207B8 1949.60 kb, rsAh, created: 03.11.2022 14:05:18, modified: 21.03.2022 14:42:42	5316
C:\Program Files\Bitdefender Agent\26.0.1.233\DiscoveryComp.dll Script: Quarantine, Delete, Delete via BC	1945436160	DiscoveryComp	©1997-2022 Bitdefender	MD5=1CAEABB97F548242E77F53F1BF588AB8 632.58 kb, rsAh, created: 03.11.2022 14:05:18, modified: 25.07.2022 12:57:46	9012
c:\program files\bitdefender agent\26.0.1.233\iservconfig.dll Script: Quarantine, Delete, Delete via BC	1946091520	IServConfig	©1997-2022 Bitdefender	MD5=F013846FBAB071D9D73E8890E4B4EAD9 897.08 kb, rsAh, created: 03.11.2022 14:05:18, modified: 25.07.2022 12:57:44	9012
c:\program files\bitdefender agent\26.0.1.233\log.dll Script: Quarantine, Delete, Delete via BC	1968701440	BitDefender Loger	@ Bitdefender	MD5=F85F3A68E3ADADCE58BD4FEB69E4C658 305.65 kb, rsAh, created: 03.11.2022 14:05:19, modified: 23.03.2022 15:22:46	9012, 5316
C:\Program Files\Bitdefender Agent\26.0.1.233\ProductAgent.dll Script: Quarantine, Delete, Delete via BC	1960312832	Bitdefender Agent	©1997-2022 Bitdefender	MD5=3E95FB5B1284C5F8A5832068FF0A0396 1595.54 kb, rsAh, created: 03.11.2022 14:05:19, modified: 24.10.2022 11:44:08	5316
C:\Program Files\Bitdefender Agent\redline\bdch.dll Script: Quarantine, Delete, Delete via BC	1505886208	BitDefender Crash Handler	@ Bitdefender	MD5=D062DAF0DA2E141053C5C5F0CC9FC1E4 2062.65 kb, rsAh, created: 29.07.2022 15:09:53, modified: 29.03.2022 16:54:27	16144
C:\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_266187162829375139\atcuf32.dll Script: Quarantine, Delete, Delete via BC	1927282688	Bitdefender Active Threat Control Usermode Filter	© Bitdefender S.R.L. All rights reserved.	MD5=8FBF92991BED2F7AEB1E6716A3D87BD9 1016.47 kb, rsAh, created: 06.11.2022 20:14:08, modified: 04.10.2022 05:59:15	5772, 12616, 12688, 13308, 13892, 7604, 18548, 17816, 1116, 4524, 16044, 15992, 3132, 15196
C:\Program Files\Bitdefender\Bitdefender Security\bdamsi\266167920164959528\antimalware_provider32.dll Script: Quarantine, Delete, Delete via BC	1942814720	AMSI provider	@ Bitdefender	MD5=28265BFFA97F21961B3BC5A5CF580D18 568.52 kb, rsAh, created: 26.09.2022 21:32:13, modified: 23.09.2022 02:40:08	5772, 13892, 9012, 1116, 15196
C:\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_266167920285797867\bdhkm32.dll Script: Quarantine, Delete, Delete via BC	1951006720	BitDefender Hooking DLL	© BitDefender S.R.L. All rights reserved.	MD5=BEBACB1FFE3910DD023387BC37182D57 672.99 kb, rsAh, created: 06.11.2022 20:14:08, modified: 23.09.2022 02:40:14	5772, 12616, 12688, 13308, 13892, 7604, 18548, 17816, 1116, 4524, 16044, 15992, 3132, 15196
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\Microsoft.Gaming.XboxGameBar.dll Script: Quarantine, Delete, Delete via BC	1432289280	Xbox Game Bar Client DLL	Copyright (c) Microsoft Corporation. All rights reserved.	MD5=6B3E5E6D5734EFFB961BDB9361EC9265 392.41 kb, rsAh, created: 15.09.2022 13:42:50, modified: 15.09.2022 13:44:04	11224
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.197.962.0_x86__zpdnekdrzrea0\RuntimeComponent.dll Script: Quarantine, Delete, Delete via BC	1430388736			MD5=D8CF9A104CDBF3618219BDEBD6228FFF 811.87 kb, rsAh, created: 26.10.2022 14:00:19, modified: 26.10.2022 14:01:50	19732
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\ffmpeg.dll Script: Quarantine, Delete, Delete via BC	1885274112			MD5=F190360F49791D3B9DE761227008BA14 2551.77 kb, rsAh, created: 21.10.2022 16:31:31, modified: 21.10.2022 16:31:31	12616, 12688, 13308, 3344, 5916, 13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\libegl.dll Script: Quarantine, Delete, Delete via BC	1642332160	ANGLE libEGL Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=4351061539C06A5AEFC16D6B93A3DB6C 364.77 kb, rsAh, created: 21.10.2022 16:31:31, modified: 21.10.2022 16:31:31	3344
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\libglesv2.dll Script: Quarantine, Delete, Delete via BC	1642790912	ANGLE libGLESv2 Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=A737CE8E27A321B021EF52E0997CE612 6780.77 kb, rsAh, created: 21.10.2022 16:31:31, modified: 21.10.2022 16:31:31	3344
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_cloudsync-1\discord_cloudsync\discord_cloudsync.node Script: Quarantine, Delete, Delete via BC	413138944			MD5=1B3E0CBB5FB333122A8682C49F8EBC55 3732.77 kb, rsAh, created: 21.10.2022 16:31:33, modified: 21.10.2022 16:31:33	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_dispatch-1\discord_dispatch\discord_dispatch.node Script: Quarantine, Delete, Delete via BC	511705088			MD5=E56F9C760A5F4176A3E11525D0852211 7734.27 kb, rsAh, created: 21.10.2022 16:31:34, modified: 21.10.2022 16:31:34	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_erlpack-1\discord_erlpack\discord_erlpack.node Script: Quarantine, Delete, Delete via BC	1408499712			MD5=3BD9162AB40C4696351433D0B8F18F83 541.27 kb, rsAh, created: 21.10.2022 16:31:33, modified: 21.10.2022 16:31:33	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_game_utils-1\discord_game_utils\discord_game_utils.node Script: Quarantine, Delete, Delete via BC	336855040			MD5=6D62135B1A0E3B4769B248883D7FDC68 907.77 kb, rsAh, created: 21.10.2022 16:31:35, modified: 21.10.2022 16:31:35	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_krisp-1\discord_krisp\discord_krisp.node Script: Quarantine, Delete, Delete via BC	338624512			MD5=8E0AD46954D5EC7181CEDE4691394AC2 21282.77 kb, rsAh, created: 21.10.2022 16:31:34, modified: 21.10.2022 16:31:34	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_media-1\discord_media\discord_media.node Script: Quarantine, Delete, Delete via BC	1373569024			MD5=16F3BD5B08ACE7FE091FBBA54D12019A 556.27 kb, rsAh, created: 21.10.2022 16:31:35, modified: 21.10.2022 16:31:35	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_modules-1\discord_modules\discord_modules.node Script: Quarantine, Delete, Delete via BC	1407975424			MD5=A532E129439855362CDE228852AB971E 497.27 kb, rsAh, created: 21.10.2022 16:31:34, modified: 21.10.2022 16:31:34	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_spellcheck-1\discord_spellcheck\node_modules\cld\build\Release\cld.node Script: Quarantine, Delete, Delete via BC	488636416			MD5=55A810FE9B7BB5F6B96DFBC49222D7FD 2623.77 kb, rsAh, created: 21.10.2022 16:31:35, modified: 21.10.2022 16:31:35	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\discord_utils.node Script: Quarantine, Delete, Delete via BC	1409286144			MD5=4A88BB90E028D5241F55AAA2EB4B9CBD 702.77 kb, rsAh, created: 21.10.2022 16:31:36, modified: 21.10.2022 16:31:36	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\macos-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1410596864			MD5=3981A8709F12690AD0CFE0B75B06B0EC 434.77 kb, rsAh, created: 21.10.2022 16:31:36, modified: 21.10.2022 13:18:03	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\windows-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1410072576			MD5=17A299A14E6DD61A2915E5508EEC5693 455.27 kb, rsAh, created: 21.10.2022 16:31:36, modified: 21.10.2022 13:18:01	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\windows-quiet-hours\build\Release\quiethours.node Script: Quarantine, Delete, Delete via BC	1426653184			MD5=3FC7F6F660F4A6E20585DE601BE14D1A 442.27 kb, rsAh, created: 21.10.2022 16:31:36, modified: 21.10.2022 13:17:59	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_voice-3\discord_voice\discord_voice.node Script: Quarantine, Delete, Delete via BC	297795584			MD5=4D18842843B8ECFCEEFB5143826C36F9 12639.27 kb, rsAh, created: 01.11.2022 16:38:34, modified: 01.11.2022 16:38:34	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\modules\discord_voice-3\discord_voice\mediapipe.dll Script: Quarantine, Delete, Delete via BC	311099392			MD5=F9DC3929B5BA31464769F6DE2A1D4AAE 5138.77 kb, rsAh, created: 01.11.2022 16:38:34, modified: 01.11.2022 16:38:34	13892
C:\Users\labma\AppData\Local\Discord\app-1.0.9007\updater.node Script: Quarantine, Delete, Delete via BC	1694367744			MD5=39C09C1C4D8FC5156532995533036715 3680.27 kb, rsAh, created: 21.10.2022 16:31:31, modified: 21.10.2022 16:31:31	12688
C:\Users\labma\AppData\Local\Medal\recorder-3.580.0\Host\medal-hook32.dll Script: Quarantine, Delete, Delete via BC	1439563776	OBS Graphics Hook	(C) Hugh Bailey	MD5=1CCB471DEEDBB2E5D0B6AFBB289F2B74 1042.38 kb, rsAh, created: 02.11.2022 21:34:52, modified: 02.11.2022 21:34:52	16376
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\4b219042ef1f282e6e7846944b08b6b2\PresentationFramework.ni.dll Script: Quarantine, Delete, Delete via BC	1714094080	PresentationFramework.dll	© Microsoft Corporation. All rights reserved.	MD5=B5AB71DC7B0693CD05A5007C528DE4BA 20454.00 kb, rsAh, created: 12.10.2022 02:13:27, modified: 12.10.2022 02:13:27	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\553161ff406e2e9664fd0c6943a18b1f\PresentationFramework.Aero2.ni.dll Script: Quarantine, Delete, Delete via BC	1601568768	PresentationFramework.Aero2.dll	© Microsoft Corporation. All rights reserved.	MD5=892931BACAC8EFECC182F289773B98D2 551.50 kb, rsAh, created: 12.10.2022 02:13:28, modified: 12.10.2022 02:13:28	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\5e983b355ff6b943eb6e9ba21dcd02c6\PresentationCore.ni.dll Script: Quarantine, Delete, Delete via BC	1735065600	PresentationCore.dll	© Microsoft Corporation. All rights reserved.	MD5=C786E98884D3FAE10D0BA9928369B650 12540.50 kb, rsAh, created: 12.10.2022 02:13:16, modified: 12.10.2022 02:13:16	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\dbea38444bb493398da4aca8dbd992e7\System.Configuration.ni.dll Script: Quarantine, Delete, Delete via BC	1706491904	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	MD5=B7BDF659A88249F64FC80D0FE297E73C 1035.50 kb, rsAh, created: 12.10.2022 02:13:29, modified: 12.10.2022 02:13:29	17816, 1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5bf6d31315b08a3e45f0b9d35ed665e0\System.Core.ni.dll Script: Quarantine, Delete, Delete via BC	1752301568	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=B3E99E23EC12E67C9E689832BCDCAE45 8278.00 kb, rsAh, created: 12.10.2022 02:13:07, modified: 12.10.2022 02:13:07	17816, 1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\8c6f8200b9e40be3fca53993f7ba46c9\System.Data.ni.dll Script: Quarantine, Delete, Delete via BC	1540096000	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=5DC4BB62F4B3042D3EABF5B985F97257 8309.50 kb, rsAh, created: 23.10.2022 17:47:52, modified: 23.10.2022 17:47:52	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\fe4f7fb577b398b290c2d5d25fed0ad8\System.Drawing.ni.dll Script: Quarantine, Delete, Delete via BC	1684668416	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=11E7B0201E0917E4C75F35408BF6C36A 1663.50 kb, rsAh, created: 23.10.2022 17:47:54, modified: 23.10.2022 17:47:54	17816, 1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\96012833bebd5f21714fc508603cda97\System.Management.ni.dll Script: Quarantine, Delete, Delete via BC	1563951104	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=8DD4B1388D9573A9E854DF7455361B1E 1205.00 kb, rsAh, created: 14.08.2022 20:41:35, modified: 14.08.2022 20:41:35	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.Http\e1a69fbb2aaf230817975bdd1041991a\System.Net.Http.ni.dll Script: Quarantine, Delete, Delete via BC	1666842624	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=A1E57763D705C23BECA2C39490BAC6FF 542.00 kb, rsAh, created: 12.10.2022 02:13:29, modified: 12.10.2022 02:13:29	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\b240bf362c0743be83a4323dcb9d6e4d\System.ObjectModel.ni.dll Script: Quarantine, Delete, Delete via BC	1642725376	System.ObjectModel	© Microsoft Corporation. All rights reserved.	MD5=BC85344E6072CD2EE9236A2A267E0E26 8.00 kb, rsAh, created: 28.10.2022 17:08:39, modified: 28.10.2022 17:08:39	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\7ef0a9d63877a0a96c937963c918dada\System.Threading.Tasks.ni.dll Script: Quarantine, Delete, Delete via BC	1658978304	System.Threading.Tasks	© Microsoft Corporation. All rights reserved.	MD5=9AB46A9914BED01D46A09F7337803FD8 8.50 kb, rsAh, created: 05.08.2022 21:57:17, modified: 05.08.2022 21:57:17	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5baeaccb7b8d1c2cd85f94190f91e229\System.Windows.Forms.ni.dll Script: Quarantine, Delete, Delete via BC	1669529600	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=B11F35B203518AECDA3F2E2DB1061CE3 14761.50 kb, rsAh, created: 23.10.2022 17:48:01, modified: 23.10.2022 17:48:01	17816, 1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\cdf963a1a6b21dcdb1c74830aa4a1fb4\System.Xaml.ni.dll Script: Quarantine, Delete, Delete via BC	1711931392	System.Xaml.dll	© Microsoft Corporation. All rights reserved.	MD5=54EE2BD2FE0489D9BD94D2C777EA7DE6 2049.50 kb, rsAh, created: 12.10.2022 02:13:31, modified: 12.10.2022 02:13:31	1116
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\a864f39561d099e2cca338c1459e5e25\WindowsBase.ni.dll Script: Quarantine, Delete, Delete via BC	1747976192	WindowsBase.dll	© Microsoft Corporation. All rights reserved.	MD5=BD010FA3C619051118F557C6A24C0C8F 4196.50 kb, rsAh, created: 12.10.2022 02:13:09, modified: 12.10.2022 02:13:09	1116
Modules found:409, recognized as trusted 345

Kernel Space Modules Viewer

Module	Redirector	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\system32\DRIVERS\vlflt.sys 468.93 kb, rsAh, created: 29.07.2022 17:15:10, modified: 29.08.2022 06:47:05 Script: Quarantine, Delete, Delete via BC	x64	763B0000	00089000 (561152)	vlflt Filter Driver	Copyright ? Bitdefender
C:\WINDOWS\system32\DRIVERS\bdprivmon.sys 32.43 kb, rsAh, created: 29.07.2022 17:23:15, modified: 31.01.2022 22:13:00 Script: Quarantine, Delete, Delete via BC	x64	761F0000	0000B000 (45056)	privacy Filter Driver	© Bitdefender SRL
C:\Program Files\Riot Vanguard\vgk.sys 8531.48 kb, rsAh, created: 01.08.2022 23:39:44, modified: 30.08.2022 08:55:22 Script: Quarantine, Delete, Delete via BC	x64	79CC0000	00847000 (8679424)	Vanguard kernel-mode driver.	Copyright (C) 2021
C:\WINDOWS\system32\DRIVERS\atc.sys 4998.42 kb, rsAh, created: 29.07.2022 17:23:14, modified: 04.10.2022 05:59:30 Script: Quarantine, Delete, Delete via BC	x64	7C380000	004EF000 (5173248)	Bitdefender Active Threat Control Filesystem Minifilter	© Bitdefender S.R.L. All rights reserved.
C:\WINDOWS\system32\drivers\bdvpn_netfilter.sys 92.38 kb, rsAh, created: 24.10.2022 13:39:45, modified: 16.09.2021 03:55:02 Script: Quarantine, Delete, Delete via BC	x64	7BCC0000	00019000 (102400)	Pango NetFilter WFP Driver	Copyright © Pango Inc
C:\WINDOWS\System32\Drivers\dump_dumpstorport.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	7F560000	0000F000 (61440)
C:\WINDOWS\System32\drivers\dump_stornvme.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	7C2B0000	00030000 (196608)
C:\WINDOWS\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	7C310000	0001D000 (118784)
C:\WINDOWS\system32\DRIVERS\bddci.sys 779.42 kb, rsAh, created: 29.07.2022 17:23:14, modified: 29.08.2022 06:47:36 Script: Quarantine, Delete, Delete via BC	x64	D3D60000	000C6000 (811008)	BDDCI filter driver	Copyright © Bitdefender
C:\WINDOWS\system32\DRIVERS\gemma.sys 1244.43 kb, rsAh, created: 29.07.2022 17:23:16, modified: 23.09.2022 02:40:23 Script: Quarantine, Delete, Delete via BC	x64	D4150000	0013E000 (1302528)	BitDefender Generic Exploit Mitigation for Mainstream Applications Filesystem Minifilter	© BitDefender S.R.L. All rights reserved.
Items found - 207, recognized as trusted - 197

Services

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
AfVpnService Service: Stop, Delete, Disable, Delete via BC	AfVpnService	Not started	C:\Program Files\Bitdefender\Bitdefender VPN\hydra.sdk.windows.service.exe 345.55 kb, rsAh, created: 24.10.2022 13:39:31, modified: 16.08.2022 04:02:45 Script: Quarantine, Delete, Delete via BC	x64	Hydra.Sdk.Windows.Service	Copyright © 2022 Aura Inc.
BDAuxSrv Service: Stop, Delete, Disable, Delete via BC	Bitdefender Auxiliary Service	Running	C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC	x64	bdservicehost	©1997-2022 Bitdefender	Event Log
BDProtSrv Service: Stop, Delete, Disable, Delete via BC	Bitdefender Protected Service	Running	C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC	x64	bdservicehost	©1997-2022 Bitdefender
bdredline Service: Stop, Delete, Disable, Delete via BC	Bitdefender RedLine Service	Running	C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe 2925.58 kb, rsAh, created: 29.07.2022 17:23:30, modified: 28.01.2022 08:48:53 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender redline update	©1997-2018 Bitdefender
bdredline_agent Service: Stop, Delete, Disable, Delete via BC	Bitdefender Agent RedLine Service	Running	C:\Program Files\Bitdefender Agent\redline\bdredline.exe 2397.10 kb, rsAh, created: 29.07.2022 15:09:52, modified: 10.02.2022 13:17:34 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender redline update	©1997-2018 Bitdefender
BdVpnService Service: Stop, Delete, Disable, Delete via BC	Bitdefender VPN Service	Running	C:\Program Files\Bitdefender\Bitdefender VPN\bdvpnservice.exe 442.55 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:54 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender Vpn Service	©1997-2022 Bitdefender	Event Log
BEService Service: Stop, Delete, Disable, Delete via BC	BattlEye Service	Not started	C:\Program Files (x86)\Common Files\BattlEye\BEService.exe 8676.87 kb, rsAh, created: 08.09.2022 13:35:02, modified: 07.09.2022 17:05:40 Script: Quarantine, Delete, Delete via BC	x64
EasyAntiCheat Service: Stop, Delete, Disable, Delete via BC	EasyAntiCheat	Not started	C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe 1108.03 kb, rsAh, created: 08.09.2022 13:34:48, modified: 27.10.2022 01:07:20 Script: Quarantine, Delete, Delete via BC	x64	EasyAntiCheat Service	Copyright В© Epic Games, Inc
EpicOnlineServices Service: Stop, Delete, Disable, Delete via BC	Epic Online Services	Not started	C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe 912.47 kb, rsAh, created: 11.08.2022 23:02:57, modified: 03.03.2022 13:48:18 Script: Quarantine, Delete, Delete via BC	x64	Epic Online Services Host	Copyright (c) 2008-2021 Epic Games, Inc., Kohsuke Kawaguchi, Sun Microsystems, Inc., CloudBees, Inc., Oleg Nenashev and other contributors
GameInput Service Service: Stop, Delete, Disable, Delete via BC	GameInput Service	Running	C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe 89.45 kb, rsAh, created: 12.10.2022 03:39:54, modified: 12.10.2022 03:39:54 Script: Quarantine, Delete, Delete via BC	x64	GameInput Host Service	© Microsoft Corporation. All rights reserved.
GamingServices Service: Stop, Delete, Disable, Delete via BC	Gaming Services	Running	C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\GamingServices.exe 73.47 kb, rsAh, created: 26.10.2022 12:23:29, modified: 26.10.2022 12:23:35 Script: Quarantine, Delete, Delete via BC	x64	GamingServices	© Microsoft Corporation. All rights reserved.		staterepository
GamingServicesNet Service: Stop, Delete, Disable, Delete via BC	Gaming Services	Running	C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe 73.47 kb, rsAh, created: 26.10.2022 12:23:29, modified: 26.10.2022 12:23:35 Script: Quarantine, Delete, Delete via BC	x64	GamingServices	© Microsoft Corporation. All rights reserved.		staterepository
GoogleChromeElevationService Service: Stop, Delete, Disable, Delete via BC	Google Chrome Elevation Service (GoogleChromeElevationService)	Not started	C:\Program Files\Google\Chrome\Application\107.0.5304.88\elevation_service.exe 1689.77 kb, rsAh, created: 01.11.2022 18:55:54, modified: 26.10.2022 19:37:48 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome	Copyright 2022 Google LLC. All rights reserved.		RPCSS
MicrosoftEdgeElevationService Service: Stop, Delete, Disable, Delete via BC	Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)	Not started	C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\elevation_service.exe 1713.91 kb, rsAh, created: 05.11.2022 09:43:49, modified: 03.11.2022 01:00:27 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.		RPCSS
ProductAgentService Service: Stop, Delete, Disable, Delete via BC	ProductAgentService	Running	C:\Program Files\Bitdefender Agent\ProductAgentService.exe 770.58 kb, rsAh, created: 29.07.2022 15:09:52, modified: 25.07.2022 12:58:14 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender Agent	©1997-2022 Bitdefender
Steam Client Service Service: Stop, Delete, Disable, Delete via BC	Steam Client Service	Running	C:\Program Files (x86)\Common Files\Steam\steamservice.exe 2600.85 kb, rsAh, created: 29.07.2022 17:39:31, modified: 18.10.2022 20:02:58 Script: Quarantine, Delete, Delete via BC	x64	Steam Client Service	Copyright (C) Valve Corporation
UPDATESRV Service: Stop, Delete, Disable, Delete via BC	Bitdefender Desktop Update Service	Running	C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe 273.52 kb, rsAh, created: 29.07.2022 17:23:20, modified: 23.09.2022 02:40:37 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender Update Service	©1997-2022 Bitdefender
vgc Service: Stop, Delete, Disable, Delete via BC	vgc	Not started	C:\Program Files\Riot Vanguard\vgc.exe 10176.70 kb, rsAh, created: 01.08.2022 23:39:44, modified: 30.08.2022 15:46:23 Script: Quarantine, Delete, Delete via BC	x64	Vanguard user-mode service.	Copyright (C) 2021
VSSERV Service: Stop, Delete, Disable, Delete via BC	Bitdefender Virus Shield	Running	C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC	x64	bdservicehost	©1997-2022 Bitdefender	System Reserved
Items found - 270, recognized as trusted - 251

Drivers

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
atc Driver: Unload, Delete, Disable, Delete via BC	atc	Running	C:\WINDOWS\system32\DRIVERS\atc.sys 4998.42 kb, rsAh, created: 29.07.2022 17:23:14, modified: 04.10.2022 05:59:30 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender Active Threat Control Filesystem Minifilter	© Bitdefender S.R.L. All rights reserved.	FSFilter Anti-Virus	FltMgr
BdDci Driver: Unload, Delete, Disable, Delete via BC	BdDci Service	Running	C:\WINDOWS\system32\DRIVERS\bddci.sys 779.42 kb, rsAh, created: 29.07.2022 17:23:14, modified: 29.08.2022 06:47:36 Script: Quarantine, Delete, Delete via BC	x64	BDDCI filter driver	Copyright © Bitdefender		BFE
bdelam Driver: Unload, Delete, Disable, Delete via BC	bdelam	Not started	C:\WINDOWS\system32\drivers\bdelam.sys 22.44 kb, rsAh, created: 29.07.2022 17:23:25, modified: 17.12.2020 17:33:58 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender Early Launch Anti-Malware Driver	© Bitdefender. All rights reserved.	Early-Launch
bdprivmon Driver: Unload, Delete, Disable, Delete via BC	bdprivmon	Running	C:\WINDOWS\system32\DRIVERS\bdprivmon.sys 32.43 kb, rsAh, created: 29.07.2022 17:23:15, modified: 31.01.2022 22:13:00 Script: Quarantine, Delete, Delete via BC	x64	privacy Filter Driver	© Bitdefender SRL	FSFilter Activity Monitor	FltMgr
bdvpn_netfilter Driver: Unload, Delete, Disable, Delete via BC	bdvpn_netfilter	Running	C:\WINDOWS\system32\drivers\bdvpn_netfilter.sys 92.38 kb, rsAh, created: 24.10.2022 13:39:45, modified: 16.09.2021 03:55:02 Script: Quarantine, Delete, Delete via BC	x64	Pango NetFilter WFP Driver	Copyright © Pango Inc	PNP_TDI
Gemma Driver: Unload, Delete, Disable, Delete via BC	Gemma	Running	C:\WINDOWS\system32\DRIVERS\gemma.sys 1244.43 kb, rsAh, created: 29.07.2022 17:23:16, modified: 23.09.2022 02:40:23 Script: Quarantine, Delete, Delete via BC	x64	BitDefender Generic Exploit Mitigation for Mainstream Applications Filesystem Minifilter	© BitDefender S.R.L. All rights reserved.	FSFilter Anti-Virus	FltMgr
vgk Driver: Unload, Delete, Disable, Delete via BC	vgk	Running	C:\Program Files\Riot Vanguard\vgk.sys 8531.48 kb, rsAh, created: 01.08.2022 23:39:44, modified: 30.08.2022 08:55:22 Script: Quarantine, Delete, Delete via BC	x64	Vanguard kernel-mode driver.	Copyright (C) 2021	System Reserved
vlflt Driver: Unload, Delete, Disable, Delete via BC	vlflt	Running	C:\WINDOWS\system32\DRIVERS\vlflt.sys 468.93 kb, rsAh, created: 29.07.2022 17:15:10, modified: 29.08.2022 06:47:05 Script: Quarantine, Delete, Delete via BC	x64	vlflt Filter Driver	Copyright ? Bitdefender	FSFilter Anti-Virus	FltMgr
Items found - 392, recognized as trusted - 384

Autoruns

File name	Redirector	Startup method	Description
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, CategoryMessageFile
C:\Program Files\Google\Chrome\Application\107.0.5304.88\eventlog_provider.dll 16.77 kb, rsAh, created: 01.11.2022 18:55:54, modified: 26.10.2022 19:37:48 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chrome, EventMessageFile
C:\Program Files\Google\Chrome\Application\107.0.5304.88\eventlog_provider.dll 16.77 kb, rsAh, created: 01.11.2022 18:55:54, modified: 26.10.2022 19:37:48 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chrome, CategoryMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\eventlog_provider.dll 16.41 kb, rsAh, created: 05.11.2022 09:43:49, modified: 03.11.2022 01:00:41 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, EventMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\eventlog_provider.dll 16.41 kb, rsAh, created: 05.11.2022 09:43:49, modified: 03.11.2022 01:00:41 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, CategoryMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\msedgeupdate.dll 2056.43 kb, rsAh, created: 15.10.2022 00:37:58, modified: 15.10.2022 00:37:58 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdate, EventMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.169.31\msedgeupdate.dll 2056.43 kb, rsAh, created: 15.10.2022 00:37:58, modified: 15.10.2022 00:37:58 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdatem, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, CategoryMessageFile
C:\Program Files (x86)\Steam\bin\steamservice.exe 2600.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:58 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service, EventMessageFile
d:\06495e98cf0ae86ce6905f6a02a8d3\DW\DW20.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
%13%\ibtusb.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ibtusb, EventMessageFile
C:\WINDOWS\System32\Drivers\UMDF\UsbccidDriver.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\WINDOWS\System32\drivers\xvdd.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Xvdd, EventMessageFile
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\Program Files (x86)\Gyazo\GyazoGIF.exe 1768.35 kb, rsAh, created: 04.08.2022 22:22:25, modified: 11.10.2022 04:58:32 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk,
C:\Program Files (x86)\Gyazo\GyazoReplay.exe 1514.35 kb, rsAh, created: 04.08.2022 22:22:25, modified: 11.10.2022 04:58:58 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo Replay.lnk,
C:\Program Files (x86)\Gyazo\Gyazowin.exe 781.85 kb, rsAh, created: 04.08.2022 22:22:25, modified: 11.10.2022 04:57:40 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk,
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\labma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk,
C:\Users\labma\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2568.38 kb, rsAh, created: 29.07.2022 15:01:01, modified: 02.11.2022 14:38:35 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
C:\Program Files (x86)\Steam\steam.exe 4134.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:56 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Users\labma\AppData\Local\Medal\update.exe 1927.92 kb, rsAh, created: 01.08.2022 00:11:32, modified: 01.08.2022 00:11:45 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Medal Delete
Medal.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Medal Delete
C:\Program Files (x86)\Gyazo\GyStation.exe 919.35 kb, rsAh, created: 04.08.2022 22:22:26, modified: 11.10.2022 04:59:36 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Gyazo Delete
C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe 31930.45 kb, rsAh, created: 11.08.2022 23:04:11, modified: 06.11.2022 18:44:18 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EpicGamesLauncher Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_857971F30AAFC441ED3A473C8998BCF1 Delete
C:\WINDOWS\system32\bootim.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\, BootShell
C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe 966.02 kb, rsAh, created: 29.07.2022 17:23:14, modified: 04.10.2022 05:59:16 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Bdagent Delete
C:\Program Files\Riot Vanguard\vgtray.exe 2999.21 kb, rsAh, created: 01.08.2022 23:39:44, modified: 30.08.2022 15:47:01 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Riot Vanguard Delete
C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe 483.05 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:25 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, BdVpnApp Delete
C:\Users\labma\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2568.38 kb, rsAh, created: 29.07.2022 15:01:01, modified: 02.11.2022 14:38:35 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
C:\Program Files (x86)\Steam\steam.exe 4134.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:56 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Users\labma\AppData\Local\Medal\update.exe 1927.92 kb, rsAh, created: 01.08.2022 00:11:32, modified: 01.08.2022 00:11:45 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Medal Delete
Medal.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Medal Delete
C:\Program Files (x86)\Gyazo\GyStation.exe 919.35 kb, rsAh, created: 04.08.2022 22:22:26, modified: 11.10.2022 04:59:36 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Gyazo Delete
C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe 31930.45 kb, rsAh, created: 11.08.2022 23:04:11, modified: 06.11.2022 18:44:18 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EpicGamesLauncher Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_857971F30AAFC441ED3A473C8998BCF1 Delete
C:\Program Files\Bitdefender\Bitdefender Security\bdshellext.dll 358.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 23.09.2022 02:40:16 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {A2A630D5-036F-4539-BD99-7923AD830433} Delete
Items found - 1042, recognized as trusted - 1001

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Redirector	Type	Description	Manufacturer	CLSID
C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll 118.52 kb, rsAh, created: 29.07.2022 17:23:14, modified: 23.09.2022 02:40:08 Script: Quarantine, Delete, Delete via BC	x32	BHO	IE Tracker Plugin	©1997-2022 Bitdefender	{159ff5d5-55f1-4d2f-b706-767a55f77abb} Delete
C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll 652.02 kb, rsAh, created: 29.07.2022 17:23:14, modified: 23.09.2022 02:40:10 Script: Quarantine, Delete, Delete via BC	x32	BHO	Bitdefender Password Manager Internet Explorer Browser Helper Object	©1997-2022 Bitdefender	{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\BHO\ie_to_edge_bho.dll 446.41 kb, rsAh, created: 05.11.2022 09:43:48, modified: 03.11.2022 01:00:27 Script: Quarantine, Delete, Delete via BC	x32	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll 652.02 kb, rsAh, created: 29.07.2022 17:23:14, modified: 23.09.2022 02:40:10 Script: Quarantine, Delete, Delete via BC	x32	Toolbar	Bitdefender Password Manager Internet Explorer Browser Helper Object	©1997-2022 Bitdefender	{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} Delete
C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll 118.52 kb, rsAh, created: 29.07.2022 17:23:14, modified: 23.09.2022 02:40:08 Script: Quarantine, Delete, Delete via BC	x32	Extension module	IE Tracker Plugin	©1997-2022 Bitdefender	{159ff5d5-55f1-4d2f-b706-767a55f77abb} Delete
C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll 135.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 23.09.2022 02:40:40 Script: Quarantine, Delete, Delete via BC	x64	BHO	IE Tracker Plugin	©1997-2022 Bitdefender	{159ff5d5-55f1-4d2f-b706-767a55f77abb} Delete
C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll 675.02 kb, rsAh, created: 23.09.2022 02:40:51, modified: 23.09.2022 02:40:51 Script: Quarantine, Delete, Delete via BC	x64	BHO	Bitdefender Password Manager Internet Explorer Browser Helper Object	©1997-2022 Bitdefender	{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\BHO\ie_to_edge_bho_64.dll 576.91 kb, rsAh, created: 05.11.2022 09:43:48, modified: 03.11.2022 01:00:41 Script: Quarantine, Delete, Delete via BC	x64	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll 675.02 kb, rsAh, created: 23.09.2022 02:40:51, modified: 23.09.2022 02:40:51 Script: Quarantine, Delete, Delete via BC	x64	Toolbar	Bitdefender Password Manager Internet Explorer Browser Helper Object	©1997-2022 Bitdefender	{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} Delete
C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll 135.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 23.09.2022 02:40:40 Script: Quarantine, Delete, Delete via BC	x64	Extension module	IE Tracker Plugin	©1997-2022 Bitdefender	{159ff5d5-55f1-4d2f-b706-767a55f77abb} Delete
Items found - 14, recognized as trusted - 4

Windows Explorer extension modules

File name	Redirector	Destination	Description	Manufacturer	CLSID
C:\Program Files\Bitdefender\Bitdefender Security\bdshellext.dll 358.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 23.09.2022 02:40:16 Script: Quarantine, Delete, Delete via BC	x64	BdShlExt	BdShellExtensions Module	©1997-2022 Bitdefender	{A2A630D5-036F-4539-BD99-7923AD830433} Delete
C:\Program Files\Bitdefender\Bitdefender Security\bdshellext.dll 358.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 23.09.2022 02:40:16 Script: Quarantine, Delete, Delete via BC	x64	BdShlExt	BdShellExtensions Module	©1997-2022 Bitdefender	{A2A630D5-036F-4539-BD99-7923AD830433} Delete
Items found - 82, recognized as trusted - 80

Printing system extensions (print monitors, providers)

File name	Redirector	Name	Type	Description	Manufacturer
Items found - 8, recognized as trusted - 8

Task Scheduler jobs

File name	Redirector	Job name	Description	Manufacturer	Path	Command line
C:\Program Files\Bitdefender Agent\26.0.1.233\WatchDog.exe 1028.58 kb, rsAh, created: 03.11.2022 14:05:19, modified: 25.07.2022 12:57:49 Script: Quarantine, Delete, Delete via BC	x64	Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 Script: Delete scheduler task	Bitdefender Agent WatchDog	©1997-2022 Bitdefender	C:\WINDOWS\system32\Tasks\	C:\Program Files\Bitdefender Agent\26.0.1.233\WatchDog.exe repair WorkingDirectory=C:\Program Files\Bitdefender Agent\26.0.1.233
C:\Program Files (x86)\Gyazo\GyazoUpdate.exe 10990.83 kb, rsAh, created: 04.08.2022 22:22:27, modified: 11.10.2022 04:58:24 Script: Quarantine, Delete, Delete via BC	x64	GyazoUpdateTaskMachine Script: Delete scheduler task	Gyazo Auto Update Machine	(c) Nota Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\	"C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
C:\Program Files (x86)\Gyazo\GyazoUpdate.exe 10990.83 kb, rsAh, created: 04.08.2022 22:22:27, modified: 11.10.2022 04:58:24 Script: Quarantine, Delete, Delete via BC	x64	GyazoUpdateTaskMachineDaily Script: Delete scheduler task	Gyazo Auto Update Machine	(c) Nota Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\	"C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log 6.44 kb, rsAh, created: 30.07.2022 12:28:29, modified: 06.11.2022 12:25:01 Script: Quarantine, Delete, Delete via BC	x64	NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvContainer
C:\Users\labma\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4068.88 kb, rsAh, created: 29.07.2022 15:01:02, modified: 02.11.2022 14:38:35 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Reporting Task-S-1-5-21-330044558-529448679-860890435-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
C:\Users\labma\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4068.88 kb, rsAh, created: 29.07.2022 15:01:02, modified: 02.11.2022 14:38:35 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Standalone Update Task-S-1-5-21-330044558-529448679-860890435-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Users\labma\AppData\Local\Programs\Opera GX\launcher.exe 2413.95 kb, rsAh, created: 28.09.2022 22:18:30, modified: 28.10.2022 01:27:59 Script: Quarantine, Delete, Delete via BC	x64	Opera GX scheduled assistant Autoupdate 1665807664 Script: Delete scheduler task	Opera GX Internet Browser	Copyright Opera Software 2022	C:\WINDOWS\system32\Tasks\	C:\Users\labma\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\labma\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
C:\Users\labma\AppData\Local\Programs\Opera GX\launcher.exe 2413.95 kb, rsAh, created: 28.09.2022 22:18:30, modified: 28.10.2022 01:27:59 Script: Quarantine, Delete, Delete via BC	x64	Opera GX scheduled Autoupdate 1664425110 Script: Delete scheduler task	Opera GX Internet Browser	Copyright Opera Software 2022	C:\WINDOWS\system32\Tasks\	C:\Users\labma\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
Items found - 115, recognized as trusted - 107

Namespace providers (NSP)

Manufacturer	Status	EXE file	Redirector	Description	Manufacturer	GUID
Items found - 14, recognized as trusted - 14

Transport protocol providers (TSP, LSP)

Protocol Name	EXE file	Redirector	Description	Manufacturer
Items found - 28, recognized as trusted - 28

TCP/UDP ports

Port	Status	Remote Host	Remote Port	Application	Redirector	Notes	Description	Manufacturer
TCP ports
445	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
2869	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
5357	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
7680	LISTENING	0.0.0.0	0	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [5652] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
27036	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [15196] 4134.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49665	LISTENING	0.0.0.0	0	wininit.exe [800] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49691	LISTENING	0.0.0.0	0	services.exe [860] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
6463	LISTENING	0.0.0.0	0	c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe [13892] 115235.77 kb, rsAh, created: 21.10.2022 16:31:32, modified: 21.10.2022 16:31:32 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
10603	LISTENING	0.0.0.0	0	c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe [13300] 128158.42 kb, rsAh, created: 01.08.2022 00:11:34, modified: 01.08.2022 00:11:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Medal	Copyright 2020 Medal B.V.. All rights reserved.
10603	ESTABLISHED	127.0.0.1	49692	c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe [13300] 128158.42 kb, rsAh, created: 01.08.2022 00:11:34, modified: 01.08.2022 00:11:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Medal	Copyright 2020 Medal B.V.. All rights reserved.
10603	TIME_WAIT	127.0.0.1	58546	[0]	x64
10603	TIME_WAIT	127.0.0.1	58595	[0]	x64
10603	TIME_WAIT	127.0.0.1	58633	[0]	x64
10603	TIME_WAIT	127.0.0.1	58656	[0]	x64
10603	TIME_WAIT	127.0.0.1	58673	[0]	x64
10603	TIME_WAIT	127.0.0.1	58684	[0]	x64
10603	TIME_WAIT	127.0.0.1	58708	[0]	x64
10603	TIME_WAIT	127.0.0.1	58734	[0]	x64
10603	TIME_WAIT	127.0.0.1	58735	[0]	x64
10603	TIME_WAIT	127.0.0.1	58929	[0]	x64
10603	FIN_WAIT2	127.0.0.1	58936	c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe [13300] 128158.42 kb, rsAh, created: 01.08.2022 00:11:34, modified: 01.08.2022 00:11:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Medal	Copyright 2020 Medal B.V.. All rights reserved.
10604	LISTENING	0.0.0.0	0	c:\users\labma\appdata\local\medal\recorder-3.580.0\medalencoder.exe [16436] 908.88 kb, rsAh, created: 02.11.2022 21:34:52, modified: 02.11.2022 21:34:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MedalEncoder	Copyright © 2018
27015	LISTENING	0.0.0.0	0	c:\program files\windowsapps\appleinc.itunes_12126.1.57048.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe [15276] 100.84 kb, rsAh, created: 25.10.2022 13:21:48, modified: 25.10.2022 13:22:15 Script: Quarantine, Delete, Delete via BC, Terminate	x64	Half-Life	MobileDeviceProcess	© 2022 Apple Inc. All rights reserved.
27060	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [15196] 4134.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
27060	ESTABLISHED	127.0.0.1	50321	c:\program files (x86)\steam\steam.exe [15196] 4134.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49668	ESTABLISHED	127.0.0.1	49669	c:\program files\bitdefender\bitdefender vpn\bdvpnservice.exe [2668] 442.55 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Vpn Service	©1997-2022 Bitdefender
49669	ESTABLISHED	127.0.0.1	49668	c:\program files\bitdefender\bitdefender vpn\bdvpnservice.exe [2668] 442.55 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Vpn Service	©1997-2022 Bitdefender
49672	ESTABLISHED	127.0.0.1	49673	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2660] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
49673	ESTABLISHED	127.0.0.1	49672	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2660] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
49676	ESTABLISHED	127.0.0.1	49677	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
49677	ESTABLISHED	127.0.0.1	49676	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
49692	ESTABLISHED	127.0.0.1	10603	c:\users\labma\appdata\local\medal\recorder-3.580.0\medalencoder.exe [16436] 908.88 kb, rsAh, created: 02.11.2022 21:34:52, modified: 02.11.2022 21:34:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MedalEncoder	Copyright © 2018
49702	ESTABLISHED	127.0.0.1	49703	c:\program files\bitdefender agent\productagentservice.exe [5316] 770.58 kb, rsAh, created: 29.07.2022 15:09:52, modified: 25.07.2022 12:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Agent	©1997-2022 Bitdefender
49703	ESTABLISHED	127.0.0.1	49702	c:\program files\bitdefender agent\productagentservice.exe [5316] 770.58 kb, rsAh, created: 29.07.2022 15:09:52, modified: 25.07.2022 12:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Agent	©1997-2022 Bitdefender
49707	TIME_WAIT	127.0.0.1	58551	[0]	x64
49707	TIME_WAIT	127.0.0.1	58591	[0]	x64
49707	TIME_WAIT	127.0.0.1	58603	[0]	x64
49707	TIME_WAIT	127.0.0.1	58604	[0]	x64
49707	TIME_WAIT	127.0.0.1	58638	[0]	x64
49707	TIME_WAIT	127.0.0.1	58669	[0]	x64
49707	TIME_WAIT	127.0.0.1	58670	[0]	x64
49707	TIME_WAIT	127.0.0.1	58687	[0]	x64
49722	ESTABLISHED	127.0.0.1	49723	c:\program files\bitdefender\bitdefender vpn\bdvpnapp.exe [12140] 483.05 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:25 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Vpn App	©1997-2022 Bitdefender
49723	ESTABLISHED	127.0.0.1	49722	c:\program files\bitdefender\bitdefender vpn\bdvpnapp.exe [12140] 483.05 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:25 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Vpn App	©1997-2022 Bitdefender
49726	ESTABLISHED	127.0.0.1	49727	c:\program files\bitdefender\bitdefender security\bdagent.exe [11612] 966.02 kb, rsAh, created: 29.07.2022 17:23:14, modified: 04.10.2022 05:59:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender agent	©1997-2022 Bitdefender
49727	ESTABLISHED	127.0.0.1	49726	c:\program files\bitdefender\bitdefender security\bdagent.exe [11612] 966.02 kb, rsAh, created: 29.07.2022 17:23:14, modified: 04.10.2022 05:59:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender agent	©1997-2022 Bitdefender
49760	ESTABLISHED	127.0.0.1	49761	c:\program files\bitdefender\bitdefender security\bdwtxag.exe [13752] 2034.02 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Wallet Agent	©1997-2022 Bitdefender
49761	ESTABLISHED	127.0.0.1	49760	c:\program files\bitdefender\bitdefender security\bdwtxag.exe [13752] 2034.02 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Wallet Agent	©1997-2022 Bitdefender
49960	ESTABLISHED	127.0.0.1	49961	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
49961	ESTABLISHED	127.0.0.1	49960	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
50321	ESTABLISHED	127.0.0.1	27060	c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe [4584] 6181.85 kb, rsAh, created: 29.07.2022 17:42:26, modified: 18.10.2022 20:03:02 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam Client WebHelper	Copyright (C) 2014 Valve Corporation
58552	TIME_WAIT	127.0.0.1	49707	[0]	x64
58593	TIME_WAIT	127.0.0.1	49707	[0]	x64
58594	TIME_WAIT	127.0.0.1	49707	[0]	x64
58605	TIME_WAIT	127.0.0.1	49707	[0]	x64
58606	TIME_WAIT	127.0.0.1	49707	[0]	x64
58641	TIME_WAIT	127.0.0.1	49707	[0]	x64
58689	TIME_WAIT	127.0.0.1	49707	[0]	x64
58936	CLOSE_WAIT	127.0.0.1	10603	c:\users\labma\appdata\local\medal\recorder-3.580.0\medalencoder.exe [16436] 908.88 kb, rsAh, created: 02.11.2022 21:34:52, modified: 02.11.2022 21:34:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MedalEncoder	Copyright © 2018
139	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
49194	ESTABLISHED	104.17.108.108	443	c:\program files\bitdefender\bitdefender vpn\bdvpnservice.exe [2668] 442.55 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Vpn Service	©1997-2022 Bitdefender
49291	ESTABLISHED	104.17.108.108	443	c:\program files\bitdefender\bitdefender security\bdwtxag.exe [13752] 2034.02 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Wallet Agent	©1997-2022 Bitdefender
49861	ESTABLISHED	128.116.125.3	443	c:\program files\windowsapps\robloxcorporation.roblox_2.551.575.0_x86__55nm5eh3cm0pr\windows10universal.exe [16376] 40329.00 kb, rsAh, created: 04.11.2022 20:42:44, modified: 04.11.2022 20:42:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64
49881	ESTABLISHED	104.17.108.108	443	c:\program files\bitdefender agent\productagentservice.exe [5316] 770.58 kb, rsAh, created: 29.07.2022 15:09:52, modified: 25.07.2022 12:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Agent	©1997-2022 Bitdefender
49900	ESTABLISHED	15.197.213.252	443	c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe [5024] 128158.42 kb, rsAh, created: 01.08.2022 00:11:34, modified: 01.08.2022 00:11:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Medal	Copyright 2020 Medal B.V.. All rights reserved.
49950	ESTABLISHED	52.159.126.152	443	c:\users\labma\appdata\local\microsoft\onedrive\onedrive.exe [11728] 2568.38 kb, rsAh, created: 29.07.2022 15:01:01, modified: 02.11.2022 14:38:35 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft OneDrive	© Microsoft Corporation. All rights reserved.
50016	ESTABLISHED	162.254.192.74	27023	c:\program files (x86)\steam\steam.exe [15196] 4134.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50095	ESTABLISHED	13.225.43.44	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50098	ESTABLISHED	13.226.184.114	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50323	ESTABLISHED	13.226.184.90	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50353	ESTABLISHED	20.189.173.15	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50486	ESTABLISHED	185.184.8.90	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50529	TIME_WAIT	199.232.10.133	443	[0]	x64
50620	ESTABLISHED	34.149.211.227	443	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2660] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
57485	ESTABLISHED	23.41.182.229	443	c:\users\labma\appdata\local\roblox\versions\version-7416e8c9782b442c\robloxstudiobeta.exe [12700] 93168.32 kb, rsAh, created: 02.11.2022 19:39:08, modified: 02.11.2022 19:39:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		RobloxStudio	Copyright © 2022 Roblox Corporation
57539	ESTABLISHED	34.149.211.227	443	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
57668	ESTABLISHED	13.225.43.44	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
58458	ESTABLISHED	104.17.107.108	443	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
58465	TIME_WAIT	20.60.132.4	443	[0]	x64
58471	ESTABLISHED	18.238.171.15	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
58508	ESTABLISHED	128.116.125.3	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
58511	TIME_WAIT	205.234.175.102	443	[0]	x64
58519	TIME_WAIT	20.112.95.21	443	[0]	x64
58583	ESTABLISHED	104.16.109.79	443	c:\users\labma\appdata\local\medal\recorder-3.580.0\medalencoder.exe [16436] 908.88 kb, rsAh, created: 02.11.2022 21:34:52, modified: 02.11.2022 21:34:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MedalEncoder	Copyright © 2018
58596	ESTABLISHED	104.16.109.79	443	c:\users\labma\appdata\local\medal\recorder-3.580.0\medalencoder.exe [16436] 908.88 kb, rsAh, created: 02.11.2022 21:34:52, modified: 02.11.2022 21:34:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MedalEncoder	Copyright © 2018
58626	TIME_WAIT	205.234.175.102	443	[0]	x64
58651	ESTABLISHED	23.2.247.96	443	c:\program files\windowsapps\robloxcorporation.roblox_2.551.575.0_x86__55nm5eh3cm0pr\windows10universal.exe [16376] 40329.00 kb, rsAh, created: 04.11.2022 20:42:44, modified: 04.11.2022 20:42:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64
58671	ESTABLISHED	162.159.135.232	443	c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe [12688] 115235.77 kb, rsAh, created: 21.10.2022 16:31:32, modified: 21.10.2022 16:31:32 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
58700	TIME_WAIT	128.116.125.4	443	[0]	x64
58701	TIME_WAIT	128.116.125.3	443	[0]	x64
58702	TIME_WAIT	128.116.125.3	443	[0]	x64
58703	TIME_WAIT	128.116.125.4	443	[0]	x64
58704	TIME_WAIT	128.116.125.4	443	[0]	x64
58705	TIME_WAIT	128.116.125.3	443	[0]	x64
58706	TIME_WAIT	128.116.125.3	443	[0]	x64
58707	TIME_WAIT	128.116.125.3	443	[0]	x64
58710	TIME_WAIT	128.116.125.4	443	[0]	x64
58714	TIME_WAIT	128.116.125.3	443	[0]	x64
58715	TIME_WAIT	128.116.125.3	443	[0]	x64
58716	TIME_WAIT	128.116.125.3	443	[0]	x64
58717	TIME_WAIT	128.116.125.3	443	[0]	x64
58718	TIME_WAIT	128.116.125.3	443	[0]	x64
58719	TIME_WAIT	128.116.125.3	443	[0]	x64
58720	TIME_WAIT	128.116.125.3	443	[0]	x64
58721	TIME_WAIT	128.116.125.3	443	[0]	x64
58722	TIME_WAIT	128.116.125.3	443	[0]	x64
58723	TIME_WAIT	128.116.125.3	443	[0]	x64
58724	TIME_WAIT	128.116.125.3	443	[0]	x64
58725	TIME_WAIT	128.116.125.4	443	[0]	x64
58726	TIME_WAIT	128.116.125.3	443	[0]	x64
58727	TIME_WAIT	128.116.125.3	443	[0]	x64
58728	TIME_WAIT	128.116.125.3	443	[0]	x64
58730	TIME_WAIT	128.116.125.3	443	[0]	x64
58731	TIME_WAIT	128.116.125.3	443	[0]	x64
58732	TIME_WAIT	128.116.125.3	443	[0]	x64
58733	TIME_WAIT	128.116.125.3	443	[0]	x64
58736	TIME_WAIT	128.116.125.3	443	[0]	x64
58737	TIME_WAIT	128.116.125.3	443	[0]	x64
58739	TIME_WAIT	128.116.125.3	443	[0]	x64
58740	TIME_WAIT	128.116.125.3	443	[0]	x64
58741	TIME_WAIT	128.116.125.3	443	[0]	x64
58743	TIME_WAIT	128.116.125.3	443	[0]	x64
58744	TIME_WAIT	128.116.125.3	443	[0]	x64
58746	TIME_WAIT	128.116.125.3	443	[0]	x64
58747	TIME_WAIT	128.116.125.3	443	[0]	x64
58748	TIME_WAIT	128.116.125.3	443	[0]	x64
58749	TIME_WAIT	128.116.125.3	443	[0]	x64
58751	TIME_WAIT	128.116.125.3	443	[0]	x64
58753	TIME_WAIT	128.116.125.3	443	[0]	x64
58754	TIME_WAIT	128.116.125.3	443	[0]	x64
58755	TIME_WAIT	128.116.125.3	443	[0]	x64
58756	TIME_WAIT	128.116.125.3	443	[0]	x64
58759	TIME_WAIT	128.116.125.3	443	[0]	x64
58761	TIME_WAIT	128.116.125.3	443	[0]	x64
58762	TIME_WAIT	128.116.125.3	443	[0]	x64
58763	TIME_WAIT	128.116.125.3	443	[0]	x64
58764	TIME_WAIT	128.116.125.3	443	[0]	x64
58765	TIME_WAIT	128.116.125.3	443	[0]	x64
58766	TIME_WAIT	128.116.125.3	443	[0]	x64
58767	TIME_WAIT	128.116.125.3	443	[0]	x64
58768	TIME_WAIT	128.116.125.3	443	[0]	x64
58769	TIME_WAIT	128.116.125.3	443	[0]	x64
58770	TIME_WAIT	128.116.125.3	443	[0]	x64
58771	TIME_WAIT	128.116.125.3	443	[0]	x64
58772	TIME_WAIT	128.116.125.3	443	[0]	x64
58773	TIME_WAIT	128.116.125.3	443	[0]	x64
58774	TIME_WAIT	128.116.125.3	443	[0]	x64
58775	TIME_WAIT	128.116.125.3	443	[0]	x64
58776	TIME_WAIT	128.116.125.3	443	[0]	x64
58777	TIME_WAIT	128.116.125.3	443	[0]	x64
58778	TIME_WAIT	128.116.125.3	443	[0]	x64
58779	TIME_WAIT	128.116.125.3	443	[0]	x64
58780	TIME_WAIT	128.116.125.3	443	[0]	x64
58781	TIME_WAIT	128.116.125.3	443	[0]	x64
58782	TIME_WAIT	128.116.125.3	443	[0]	x64
58783	TIME_WAIT	128.116.125.3	443	[0]	x64
58784	TIME_WAIT	128.116.125.3	443	[0]	x64
58785	TIME_WAIT	128.116.125.3	443	[0]	x64
58786	TIME_WAIT	128.116.125.3	443	[0]	x64
58788	TIME_WAIT	128.116.125.3	443	[0]	x64
58789	TIME_WAIT	128.116.125.3	443	[0]	x64
58790	ESTABLISHED	205.185.216.42	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
58791	ESTABLISHED	205.234.175.102	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
58796	TIME_WAIT	128.116.125.3	443	[0]	x64
58797	TIME_WAIT	128.116.125.3	443	[0]	x64
58798	TIME_WAIT	128.116.125.3	443	[0]	x64
58799	TIME_WAIT	128.116.125.3	443	[0]	x64
58800	TIME_WAIT	128.116.125.3	443	[0]	x64
58801	TIME_WAIT	128.116.125.3	443	[0]	x64
58802	TIME_WAIT	128.116.125.3	443	[0]	x64
58803	TIME_WAIT	128.116.125.3	443	[0]	x64
58804	TIME_WAIT	128.116.125.3	443	[0]	x64
58805	TIME_WAIT	128.116.125.3	443	[0]	x64
58806	TIME_WAIT	128.116.125.3	443	[0]	x64
58807	TIME_WAIT	128.116.125.3	443	[0]	x64
58808	TIME_WAIT	128.116.125.3	443	[0]	x64
58809	TIME_WAIT	128.116.125.3	443	[0]	x64
58810	TIME_WAIT	128.116.125.3	443	[0]	x64
58811	TIME_WAIT	128.116.125.3	443	[0]	x64
58812	TIME_WAIT	128.116.125.3	443	[0]	x64
58813	ESTABLISHED	52.6.24.92	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
58814	TIME_WAIT	128.116.125.3	443	[0]	x64
58815	TIME_WAIT	128.116.125.3	443	[0]	x64
58816	TIME_WAIT	128.116.125.3	443	[0]	x64
58817	TIME_WAIT	128.116.125.3	443	[0]	x64
58818	TIME_WAIT	128.116.125.3	443	[0]	x64
58819	TIME_WAIT	128.116.125.3	443	[0]	x64
58820	TIME_WAIT	128.116.125.3	443	[0]	x64
58821	TIME_WAIT	128.116.125.3	443	[0]	x64
58822	TIME_WAIT	128.116.125.3	443	[0]	x64
58823	TIME_WAIT	128.116.125.3	443	[0]	x64
58824	TIME_WAIT	128.116.125.3	443	[0]	x64
58825	TIME_WAIT	128.116.125.3	443	[0]	x64
58826	TIME_WAIT	128.116.125.3	443	[0]	x64
58827	TIME_WAIT	128.116.125.3	443	[0]	x64
58828	TIME_WAIT	128.116.125.3	443	[0]	x64
58829	TIME_WAIT	128.116.125.3	443	[0]	x64
58830	TIME_WAIT	128.116.125.3	443	[0]	x64
58831	TIME_WAIT	128.116.125.3	443	[0]	x64
58832	TIME_WAIT	128.116.125.3	443	[0]	x64
58833	TIME_WAIT	128.116.125.3	443	[0]	x64
58834	TIME_WAIT	128.116.125.3	443	[0]	x64
58835	TIME_WAIT	128.116.125.3	443	[0]	x64
58836	TIME_WAIT	128.116.125.3	443	[0]	x64
58837	TIME_WAIT	128.116.125.3	443	[0]	x64
58838	TIME_WAIT	128.116.125.3	443	[0]	x64
58839	TIME_WAIT	128.116.125.3	443	[0]	x64
58840	TIME_WAIT	128.116.125.3	443	[0]	x64
58841	TIME_WAIT	128.116.125.3	443	[0]	x64
58842	TIME_WAIT	128.116.125.3	443	[0]	x64
58843	TIME_WAIT	128.116.125.3	443	[0]	x64
58844	TIME_WAIT	128.116.125.3	443	[0]	x64
58845	TIME_WAIT	128.116.125.3	443	[0]	x64
58846	TIME_WAIT	128.116.125.3	443	[0]	x64
58847	TIME_WAIT	128.116.125.3	443	[0]	x64
58848	TIME_WAIT	128.116.125.3	443	[0]	x64
58849	TIME_WAIT	128.116.125.3	443	[0]	x64
58850	TIME_WAIT	128.116.125.3	443	[0]	x64
58851	TIME_WAIT	128.116.125.3	443	[0]	x64
58852	TIME_WAIT	128.116.125.3	443	[0]	x64
58853	TIME_WAIT	128.116.125.3	443	[0]	x64
58854	TIME_WAIT	128.116.125.3	443	[0]	x64
58855	TIME_WAIT	128.116.125.3	443	[0]	x64
58856	TIME_WAIT	128.116.125.3	443	[0]	x64
58857	TIME_WAIT	128.116.125.3	443	[0]	x64
58858	TIME_WAIT	128.116.125.3	443	[0]	x64
58859	TIME_WAIT	128.116.125.3	443	[0]	x64
58860	TIME_WAIT	128.116.125.3	443	[0]	x64
58861	TIME_WAIT	128.116.125.3	443	[0]	x64
58862	TIME_WAIT	128.116.125.3	443	[0]	x64
58863	TIME_WAIT	128.116.125.3	443	[0]	x64
58864	TIME_WAIT	128.116.125.3	443	[0]	x64
58865	TIME_WAIT	128.116.125.3	443	[0]	x64
58866	TIME_WAIT	128.116.125.3	443	[0]	x64
58905	ESTABLISHED	13.249.74.75	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
58906	ESTABLISHED	23.47.49.220	443	c:\users\labma\appdata\local\roblox\versions\version-717cf6a6f7614f44\robloxplayerbeta.exe [3132] 56499.32 kb, rsAh, created: 02.11.2022 19:24:51, modified: 02.11.2022 19:24:51 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Roblox Game Client	Copyright В© 2020 Roblox Corporation. All rights reserved.
58932	ESTABLISHED	34.149.211.227	443	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
58933	CLOSE_WAIT	128.116.125.3	443	c:\users\labma\appdata\local\roblox\versions\version-717cf6a6f7614f44\robloxplayerbeta.exe [3132] 56499.32 kb, rsAh, created: 02.11.2022 19:24:51, modified: 02.11.2022 19:24:51 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Roblox Game Client	Copyright В© 2020 Roblox Corporation. All rights reserved.
58935	TIME_WAIT	20.42.73.27	443	[0]	x64
58937	ESTABLISHED	128.116.125.4	443	c:\users\labma\appdata\local\roblox\versions\version-7416e8c9782b442c\robloxstudiobeta.exe [12700] 93168.32 kb, rsAh, created: 02.11.2022 19:39:08, modified: 02.11.2022 19:39:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		RobloxStudio	Copyright © 2022 Roblox Corporation
58938	ESTABLISHED	128.116.125.3	443	c:\users\labma\appdata\local\roblox\versions\version-7416e8c9782b442c\robloxstudiobeta.exe [12700] 93168.32 kb, rsAh, created: 02.11.2022 19:39:08, modified: 02.11.2022 19:39:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		RobloxStudio	Copyright © 2022 Roblox Corporation
64912	ESTABLISHED	162.159.130.234	443	c:\users\labma\appdata\local\discord\app-1.0.9007\discord.exe [12616] 115235.77 kb, rsAh, created: 21.10.2022 16:31:32, modified: 21.10.2022 16:31:32 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
65386	ESTABLISHED	13.225.43.55	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
UDP ports
67	LISTENING	--	--	c:\program files\bitdefender\bitdefender security\bdntwrk.exe [4912] 830.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Network OS Helper Process	©1997-2022 Bitdefender
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [14260] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
5353	LISTENING	--	--	c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe [14232] 128158.42 kb, rsAh, created: 01.08.2022 00:11:34, modified: 01.08.2022 00:11:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Medal	Copyright 2020 Medal B.V.. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [14260] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
5353	LISTENING	--	--	c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe [14232] 128158.42 kb, rsAh, created: 01.08.2022 00:11:34, modified: 01.08.2022 00:11:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Medal	Copyright 2020 Medal B.V.. All rights reserved.
5353	LISTENING	--	--	c:\users\labma\appdata\local\medal\app-4.1687.0\medal.exe [13300] 128158.42 kb, rsAh, created: 01.08.2022 00:11:34, modified: 01.08.2022 00:11:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Medal	Copyright 2020 Medal B.V.. All rights reserved.
27036	LISTENING	--	--	c:\program files (x86)\steam\steam.exe [15196] 4134.85 kb, rsAh, created: 21.03.2022 20:23:12, modified: 18.10.2022 20:02:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50321	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50322	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [13588] 3800.41 kb, rsAh, created: 05.08.2021 16:41:46, modified: 03.11.2022 01:00:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
53115	LISTENING	--	--	c:\program files\bitdefender\bitdefender vpn\bdvpnservice.exe [2668] 442.55 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Vpn Service	©1997-2022 Bitdefender
53116	LISTENING	--	--	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
54646	LISTENING	--	--	c:\program files\bitdefender agent\productagentservice.exe [5316] 770.58 kb, rsAh, created: 29.07.2022 15:09:52, modified: 25.07.2022 12:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Agent	©1997-2022 Bitdefender
55357	LISTENING	--	--	c:\program files\bitdefender\bitdefender vpn\bdvpnservice.exe [2668] 442.55 kb, rsAh, created: 24.10.2022 13:39:30, modified: 17.08.2022 00:50:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Vpn Service	©1997-2022 Bitdefender
56021	LISTENING	--	--	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2660] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
56164	LISTENING	--	--	c:\program files\bitdefender\bitdefender security\bdwtxag.exe [13752] 2034.02 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Wallet Agent	©1997-2022 Bitdefender
59292	LISTENING	--	--	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
59382	LISTENING	--	--	c:\program files\bitdefender\bitdefender security\bdwtxag.exe [13752] 2034.02 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Wallet Agent	©1997-2022 Bitdefender
64794	LISTENING	--	--	c:\program files\bitdefender\bitdefender security\bdservicehost.exe [2028] 802.52 kb, rsAh, created: 29.07.2022 17:23:15, modified: 04.10.2022 05:59:17 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bdservicehost	©1997-2022 Bitdefender
64901	LISTENING	--	--	c:\program files\bitdefender agent\productagentservice.exe [5316] 770.58 kb, rsAh, created: 29.07.2022 15:09:52, modified: 25.07.2022 12:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Bitdefender Agent	©1997-2022 Bitdefender
49671	LISTENING	--	--	c:\program files\windowsapps\appleinc.itunes_12126.1.57048.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe [15276] 100.84 kb, rsAh, created: 25.10.2022 13:21:48, modified: 25.10.2022 13:22:15 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MobileDeviceProcess	© 2022 Apple Inc. All rights reserved.
49672	LISTENING	--	--	c:\program files\windowsapps\appleinc.itunes_12126.1.57048.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe [15276] 100.84 kb, rsAh, created: 25.10.2022 13:21:48, modified: 25.10.2022 13:22:15 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MobileDeviceProcess	© 2022 Apple Inc. All rights reserved.
137	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
138	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
Items found - 313, recognized as trusted - 45

Downloaded Program Files (DPF)

File name	Redirector	Description	Manufacturer	CLSID	Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name	Redirector	Description	Manufacturer
Items found - 34, recognized as trusted - 34

Active Setup

File name	Redirector	Description	Manufacturer	CLSID
C:\Program Files\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe 4622.77 kb, rsAh, created: 01.11.2022 18:55:55, modified: 01.11.2022 18:55:23 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome Installer	Copyright 2022 Google LLC. All rights reserved.	{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\Installer\setup.exe 3282.91 kb, rsAh, created: 05.11.2022 09:43:52, modified: 05.11.2022 09:43:35 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
C:\Program Files\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe 4622.77 kb, rsAh, created: 01.11.2022 18:55:55, modified: 01.11.2022 18:55:23 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome Installer	Copyright 2022 Google LLC. All rights reserved.	{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\107.0.1418.35\Installer\setup.exe 3282.91 kb, rsAh, created: 05.11.2022 09:43:52, modified: 05.11.2022 09:43:35 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
Items found - 22, recognized as trusted - 18

HOSTS file

Hosts file record

Protocols and handlers

File name	Redirector	Type	Description	Manufacturer	CLSID
Items found - 44, recognized as trusted - 44

Shared resources

Network name	Path	Notes
C$	C:\	Default share
D$	D:\	Default share
ADMIN$	C:\WINDOWS	Remote Admin
IPC$		Remote IPC

Background Intelligent Transfer Service (BITS) Jobs

BITS Job ID

Job name

Status

Source URL or file name

Destination file name

Notification program

Suspicious objects

File

Redirector

Description

Type

Attention !!! Database was last updated 10/6/2022 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.63 private build [06.10.2022 18:46:05]
Scanning started at 06.11.2022 21:16:35
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 06.10.2022 16:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 638405
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.19044,  "Windows 10 Home" (Windows 10 Home) x64, install date 29.07.2022 16:52:34 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 246
Extended process analysis: 5316 C:\Program Files\Bitdefender Agent\ProductAgentService.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
Extended process analysis: 9012 C:\Program Files\Bitdefender Agent\26.0.1.233\DiscoverySrv.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 1116 C:\Program Files (x86)\Gyazo\GyStation.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
 Number of modules loaded: 415
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 662, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 06.11.2022 21:17:46
Time of scanning: 00:01:13
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.70,5.255.255.50,5.255.255.55,77.88.55.66", Ping=OK (0,186,77.88.55.70)
  Host="google.ru", IP="142.251.116.94", Ping=OK (0,27,142.251.116.94)
  Host="google.com", IP="142.250.115.100,142.250.115.138,142.250.115.113,142.250.115.101,142.250.115.139,...", Ping=OK (0,24,142.250.115.100)
  Host="www.kaspersky.com", IP="4.59.181.140", Ping=OK (0,60,4.59.181.140)
  Host="www.kaspersky.ru", IP="144.121.3.166", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-03.geo.kaspersky.com", IP="38.77.64.67", Ping=OK (0,58,38.77.64.67)
  Host="dnl-11.geo.kaspersky.com", IP="38.117.98.253", Ping=OK (0,57,38.117.98.253)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="5.61.23.11,217.20.147.1,217.20.155.13", Ping=OK (0,167,5.61.23.11)
  Host="vk.com", IP="87.240.132.72,87.240.132.78,87.240.132.67,87.240.129.133,87.240.137.164,...", Ping=OK (0,166,87.240.132.72)
  Host="vkontakte.ru", IP="87.240.129.133,87.240.132.72,87.240.132.67,87.240.137.164,93.186.225.194,...", Ping=OK (0,162,87.240.129.133)
  Host="twitter.com", IP="104.244.42.1,104.244.42.129", Ping=OK (0,40,104.244.42.1)
  Host="facebook.com", IP="157.240.19.35", Ping=OK (0,25,157.240.19.35)
  Host="ru-ru.facebook.com", IP="157.240.19.19", Ping=OK (0,25,157.240.19.19)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Ethernet 2"
   IPAddress = "172.20.10.11"
   DHCPIPAddress = "172.20.10.11"
   SubnetMask = "255.255.255.240"
   DHCPSubnetMask = "255.255.255.240"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "172.20.10.1"
  Interface: "Ethernet 4"
   IPAddress = "172.20.10.3"
   DHCPIPAddress = "172.20.10.3"
   SubnetMask = "255.255.255.240"
   DHCPSubnetMask = "255.255.255.240"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "172.20.10.1"
  Interface: "Local Area Connection"
   IPAddress = "100.127.255.253"
   DHCPIPAddress = "100.127.255.253"
   SubnetMask = "255.255.255.252"
   DHCPSubnetMask = "255.255.255.252"
   DefaultGateway = ""
   NameServer = "198.51.100.1"
   Domain = ""
   DhcpServer = "100.127.255.254"
  Interface: "Wi-Fi"
   IPAddress = "172.20.10.6"
   DHCPIPAddress = "172.20.10.6"
   SubnetMask = "255.255.255.240"
   DHCPSubnetMask = "255.255.255.240"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "172.20.10.1"
  Interface: "Ethernet 3"
   IPAddress = "172.20.10.5"
   DHCPIPAddress = "172.20.10.5"
   SubnetMask = "255.255.255.240"
   DHCPSubnetMask = "255.255.255.240"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "172.20.10.1"
 Network Persistent Routes

System Analysis - complete
Script commands Add commands to script:

Additional operations:

File list