Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\asus\asus_aac_dram\aac3572dramhal_x64.exe Script: Quarantine, Delete, Delete via BC, Terminate	1956	AAC DRAM HAL	Copyright (C) ASUSTeK Computer Inc. 2018-2020	CF6D025E698E6E4321EEBC52785C4EEC	3024.91 kb, rsAh,created: 15.08.2022 10:30:54,modified: 15.08.2022 10:30:54 Command line:
c:\program files\asus\asus_aac_dram\aac3572dramhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	8304	AAC DRAM HAL	Copyright (C) ASUSTeK Computer Inc. 2018-2020	B43283D368998C4C2601E144DD90D1E6	2255.41 kb, rsAh,created: 15.08.2022 10:29:38,modified: 15.08.2022 10:29:38 Command line: "C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe" -Embedding
c:\program files\asus\aacmb\aac3572mbhal_x64.exe Script: Quarantine, Delete, Delete via BC, Terminate	15300	AAC MB HAL	Copyright (C) ASUSTek Computer Inc. 2018-2020	D9C01FAEDC7C1D73FAB28C35B79EAEED	999.86 kb, rsAh,created: 24.08.2022 09:57:06,modified: 24.08.2022 09:57:06 Command line:
c:\program files\asus\aacmb\aac3572mbhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	14192	AAC MB HAL	Copyright (C) ASUSTek Computer Inc. 2018-2020	73C2CAD92A04DB1FF05AA560759523DD	816.36 kb, rsAh,created: 24.08.2022 09:55:18,modified: 24.08.2022 09:55:18 Command line: "C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe" -Embedding
c:\program files\asus\aacmb\aac3572mbhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	17548	AAC MB HAL	Copyright (C) ASUSTek Computer Inc. 2018-2020	73C2CAD92A04DB1FF05AA560759523DD	816.36 kb, rsAh,created: 24.08.2022 09:55:18,modified: 24.08.2022 09:55:18 Command line: "C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe" -Embedding
c:\program files\asus\kingston_aac_dram\aackingstondramhal_x64.exe Script: Quarantine, Delete, Delete via BC, Terminate	26496			8B0246FEBB475B421D62F550D12121DC	611.85 kb, rsAh,created: 19.09.2022 17:03:08,modified: 19.09.2022 17:03:08 Command line:
c:\program files\asus\kingston_aac_dram\aackingstondramhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	4188			B5F26D9BCB723189A6CA1A8EFD793E76	491.35 kb, rsAh,created: 19.09.2022 17:02:06,modified: 19.09.2022 17:02:06 Command line: "C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe" -Embedding
c:\program files (x86)\asus\armourydevice\dll\acpowernotification\acpowernotification.exe Script: Quarantine, Delete, Delete via BC, Terminate	9368	AcPowerNotification	Copyright © 2020	FD59B2D58FA73C9B7A99970D1C9C0A43	302.35 kb, rsAh,created: 09.12.2022 21:21:22,modified: 17.10.2022 10:27:08 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe"
c:\program files\asus\armoury crate lite service\armourycrate.service.exe Script: Quarantine, Delete, Delete via BC, Terminate	5328	ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.	33B76846D412C77796621D377DF79921	385.61 kb, rsAh,created: 27.09.2022 08:06:40,modified: 27.09.2022 08:06:40 Command line:
c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	12180	ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.	A21D3266FBA3327E2B06359CA30DFAEF	220.61 kb, rsAh,created: 27.09.2022 08:06:46,modified: 27.09.2022 08:06:46 Command line:
c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe Script: Quarantine, Delete, Delete via BC, Terminate	8184	ArmourySocketServer	Copyright (C) 2019	796AD21EDD32E084B064C7F166D643AB	1816.35 kb, rsAh,created: 09.12.2022 21:21:22,modified: 17.10.2022 10:29:54 Command line:
c:\program files (x86)\asus\armourydevice\dll\swagent\armouryswagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	15560	ArmourySwAgent	Copyright © 2021	E96D6748CEFBC96F5C2870E8B55C224B	103.35 kb, rsAh,created: 09.12.2022 21:21:22,modified: 17.10.2022 10:26:54 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe" -s
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	14284	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836.43 kb, rsAh,created: 09.12.2022 21:20:33,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" D:\snapshot\AsusFramework\build\src\main\sdk
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	17892	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836.43 kb, rsAh,created: 09.12.2022 21:20:33,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" "C:\Program Files (x86)\ASUS\ArmouryDevice\view\2dfe216d-3481-4684-ad4d-2566bd7cfe4f\service.js"
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	25564	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836.43 kb, rsAh,created: 09.12.2022 21:20:33,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" "C:\Program Files (x86)\ASUS\ArmouryDevice\view\E7C8DA76-C9B9-4297-8681-DD878330AFE7\service.js"
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	8076	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836.43 kb, rsAh,created: 09.12.2022 21:20:33,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe"
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	15664	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836.43 kb, rsAh,created: 09.12.2022 21:20:33,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" D:\snapshot\AsusFramework\build\src\main\sdk
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	15696	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836.43 kb, rsAh,created: 09.12.2022 21:20:33,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" D:\snapshot\AsusFramework\build\src\main\sdk
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	15768	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836.43 kb, rsAh,created: 09.12.2022 21:20:33,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" D:\snapshot\AsusFramework\build\src\main\sdk
c:\program files (x86)\asus\asuscertservice\asuscertservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2688	AsusCertService.exe	(c) ASUSTek COMPUTER INC. All rights reserved.	1245FC35C73D1F67240AD3E17091E01D	545.02 kb, rsAh,created: 07.12.2022 12:56:50,modified: 19.05.2022 09:49:12 Command line: "C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe"
c:\program files (x86)\asus\asusfancontrolservice\2.03.19\asusfancontrolservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	6680	ASUS Motherboard Fan Control Service	ASUSTeK Computer Inc. All rights reserved.	C8F67A004AE25AC4E467946355F26F00	1681.85 kb, rsAh,created: 07.12.2022 13:02:29,modified: 01.11.2022 17:05:24 Command line: "C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.19\AsusFanControlService.exe"
c:\program files (x86)\asus\asusfcnotification\asusfcnotification.exe Script: Quarantine, Delete, Delete via BC, Terminate	23376			77C5490CD07EE15B93C51EDEFDC1A4B3	315.39 kb, rsAh,created: 27.07.2022 17:27:42,modified: 27.07.2022 17:27:42 Command line: "C:\Program Files (x86)\ASUS\AsusFCNotification\AsusFCNotification.exe" -retryCount 50
c:\program files (x86)\asus\axsp\4.02.22\atkexcomsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	3440	ASUS Com Service	ASUSTeK Computer Inc. All rights reserved.	BD85D331328F8FBC1F29D298EEB1149B	873.85 kb, rsAh,created: 07.12.2022 13:02:28,modified: 31.10.2022 09:50:26 Command line: "C:\Program Files (x86)\ASUS\AXSP\4.02.22\atkexComSvc.exe"
c:\users\retox\appdata\local\temp\am2doqhg.zjr\getsysteminfodllcache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	18984			343ED2D3905CA0C82A4E85217B4033FB	8924.64 kb, rsAh,created: 09.12.2022 23:38:24,modified: 18.10.2022 02:38:44 Command line: "C:\Users\retox\AppData\Local\Temp\am2doqhg.zjr\GetSystemInfoDllCache\avz\avz.exe" SpoolLog="C:\Users\retox\AppData\Local\Temp\am2doqhg.zjr\GetSystemInfo\avz.log" TempFolder="C:\Users\retox\AppData\Local\Temp\am2doqhg.zjr\GetSystemInfo\AvzTemp"
c:\program files\corsair\corsair icue 4 software\corsair.service.cpuidremote64.exe Script: Quarantine, Delete, Delete via BC, Terminate	7992	Corsair.Service.CpuIdRemote	Copyright 2018 © Corsair Memory, Inc.	03F28A0518EBE51D735BF4B85C4A4EA3	39.54 kb, rsAh,created: 14.11.2022 14:11:06,modified: 14.11.2022 14:11:06 Command line:
c:\program files\corsair\corsair icue 4 software\corsair.service.displayadapter.exe Script: Quarantine, Delete, Delete via BC, Terminate	7024	Corsair.Service.DisplayAdapter	Copyright 2018 © Corsair Memory, Inc.	7B41FB805F9BBF90ADC2C4F7249F2316	21.04 kb, rsAh,created: 14.11.2022 14:11:06,modified: 14.11.2022 14:11:06 Command line: "C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe"
c:\program files\corsair\corsair icue 4 software\corsair.service.exe Script: Quarantine, Delete, Delete via BC, Terminate	5376	Corsair.Service	Copyright 2018 © Corsair Memory, Inc.	0C6D224B98A4FBD274BFC3D632FF7F09	82.04 kb, rsAh,created: 14.11.2022 14:11:08,modified: 14.11.2022 14:11:08 Command line: "C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe"
c:\program files\corsair\corsair icue 4 software\cuellaccessservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	5360	iCUE service for interaction with CorsairLLAccess driver	Corsair Memory, Inc. © 2020, All rights reserved	C16E1D500A460092F55B96A825F6D0A5	233.04 kb, rsAh,created: 14.11.2022 14:19:10,modified: 14.11.2022 14:19:10 Command line:
c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	22920	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 13:45:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\retox\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1688,10712514463592369,12980890010694140883,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\retox\AppData\Local\Discord\app-1.0.9007\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1 --enable-node-leakage-in-renderers
c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	22536	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 13:45:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\retox\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,10712514463592369,12980890010694140883,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:8
c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	20872	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 13:45:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\retox\AppData\Local\Discord\app-1.0.9007\Discord.exe"
c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	24512	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 13:45:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\retox\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1688,10712514463592369,12980890010694140883,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3816 /prefetch:8
c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	21912	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 13:45:43,modified: 21.10.2022 11:28:10 Command line: C:\Users\retox\AppData\Local\Discord\app-1.0.9007\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\retox\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\retox\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9007 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x4a4,0x4a8,0x4ac,0x4a0,0x49c,0x71a3850,0x71a3860,0x71a386c
c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	22392	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 13:45:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\retox\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=gpu-process --field-trial-handle=1688,10712514463592369,12980890010694140883,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1696 /prefetch:2
c:\program files (x86)\intel\driver and support assistant\dsaservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	5544	DSAService	Copyright © Intel Corporation	9AA648CBBC95D90F4AB1AC025994ACE5	40.27 kb, rsAh,created: 26.10.2022 10:06:24,modified: 26.10.2022 10:06:24 Command line: "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe"
c:\program files (x86)\intel\driver and support assistant\dsatray.exe Script: Quarantine, Delete, Delete via BC, Terminate	13484	Intel Driver & Support Assistant Tray	Copyright © Intel Corporation	B35AEE90C53B5FBC9FA11E9D4A6199D6	285.27 kb, rsAh,created: 26.10.2022 10:04:16,modified: 26.10.2022 10:04:16 Command line: "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe"
c:\program files (x86)\intel\driver and support assistant\dsaupdateservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	7916	DSAUpdateService	Copyright © Intel Corporation	A72341F2CB44C11FB82DE47A9AA4A54F	196.77 kb, rsAh,created: 26.10.2022 10:02:46,modified: 26.10.2022 10:02:46 Command line:
c:\program files\asus\aacextcard\extensioncardhal_x64.exe Script: Quarantine, Delete, Delete via BC, Terminate	26404	ASUS AURA Extension Card HAL	Copyright (C) ASUSTeK Computer Inc. 2018-2020	3275C83C9FA3018E6E15ED27DD811DD8	693.97 kb, rsAh,created: 10.02.2022 11:22:42,modified: 10.02.2022 11:22:42 Command line:
c:\program files\asus\aacextcard\extensioncardhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	13160	ASUS AURA Extension Card HAL	Copyright (C) ASUSTeK Computer Inc. 2018-2020	8165CB4903DF748575A4144245310688	564.47 kb, rsAh,created: 10.02.2022 11:21:22,modified: 10.02.2022 11:21:22 Command line: "C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe" -Embedding
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	8328	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	22828	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	3932	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	23472	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	14204	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	23756	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	23648	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	10180	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	26000	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	7636	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	10732	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	11432	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	6828	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	10796	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	25812	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	11440	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	4EECE84D67F6C76D726A3640ECC91E57	646.91 kb, rsAh,created: 07.12.2022 13:04:52,modified: 28.11.2022 11:24:19 Command line:
c:\program files (x86)\razer\razer services\gms\gamemanagerservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	5456	GameManagerService	Copyright © 2021 Razer Inc. All rights reserved.	0F66853DC843FA1DF54ABF77D15A1586	248.27 kb, rsAh,created: 15.11.2021 23:01:19,modified: 15.11.2021 23:01:20 Command line: "C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe"
c:\program files (x86)\asus\gamesdk service\gamesdk.exe Script: Quarantine, Delete, Delete via BC, Terminate	6404	GameSDK	Copyright (C) ASUS Tek Computer Inc 2021	AA51980C871FADC3FCFB74C0D117639C	388.23 kb, rsAh,created: 31.05.2022 13:19:42,modified: 31.05.2022 13:19:42 Command line: "C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe"
c:\users\retox\downloads\gsi-6.2.2.33.exe Script: Quarantine, Delete, Delete via BC, Terminate	6476	Kaspersky Get System Info	© 2018 AO Kaspersky Lab. All Rights Reserved.	B9B243ADCA79925A5C471B2FE27EA660	13408.27 kb, rsAh,created: 09.12.2022 23:36:47,modified: 09.12.2022 23:36:48 Command line: "C:\Users\retox\Downloads\GSI-6.2.2.33.exe"
c:\users\retox\appdata\local\temp\x4zw.0\gsi.exe Script: Quarantine, Delete, Delete via BC, Terminate	2980	Kaspersky Get System Info	2018 AO Kaspersky Lab. All Rights Reserved.	F4811C1F71D77F793FB07AFD32DA53A5	1328.77 kb, rsAh,created: 09.12.2022 23:36:53,modified: 18.10.2022 02:39:23 Command line: "C:\Users\retox\AppData\Local\Temp\x4zw.0\GSI.exe"
c:\program files\corsair\corsair icue 4 software\icue.exe Script: Quarantine, Delete, Delete via BC, Terminate	18404	iCUE	Corsair Memory, Inc. © 2020, All rights reserved	2D26994FD54AD7D1957D39C7D5A6D68E	261.54 kb, rsAh,created: 14.11.2022 14:54:48,modified: 14.11.2022 14:54:48 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	22908	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	24096	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	4076	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	24560	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	24372	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	22980	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	22976	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	24416	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved	E74C5BB68F8BA26EC39B858FED817750	450.54 kb, rsAh,created: 14.11.2022 14:19:18,modified: 14.11.2022 14:19:18 Command line:
c:\program files\lghub\lghub_agent.exe Script: Quarantine, Delete, Delete via BC, Terminate	19984	LGHUB Agent	Copyright © Logitech, Inc. 2022	E47433A00C03D5A6A3E25678D28FD8CD	41845.75 kb, rsAh,created: 07.12.2022 19:32:01,modified: 07.12.2022 19:31:58 Command line:
c:\program files\lghub\system_tray\lghub_system_tray.exe Script: Quarantine, Delete, Delete via BC, Terminate	19868	G HUB	Copyright © Logitech, Inc. 2022	90ABB726D4E5DD1BB146BDFD98BF4DCF	23596.25 kb, rsAh,created: 07.12.2022 19:32:04,modified: 07.12.2022 19:31:59 Command line:
c:\program files\lghub\lghub_updater.exe Script: Quarantine, Delete, Delete via BC, Terminate	5440	LGHUB Updater	Copyright © Logitech, Inc. 2022	E1C77110AACCFB437CD2BAFC6393AF93	9985.75 kb, rsAh,created: 07.12.2022 19:32:02,modified: 07.12.2022 19:31:59 Command line:
c:\program files (x86)\lightingservice\lightingservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	7092	LightingService	Copyright (C) ASUSTek Computer Inc. 2015-2017	9DE4B2ACED352568A35A9717C75D57D3	3796.85 kb, rsAh,created: 26.09.2022 18:46:32,modified: 26.09.2022 18:46:32 Command line: "C:\Program Files (x86)\LightingService\LightingService.exe"
c:\program files (x86)\samsung\samsung magician\migrationservice\migrationservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	6780	MigrationService	Copyright (C) 2021. Clonix Co., Ltd	400EC94000A4F6294B514D70BC82B309	743.57 kb, rsAh,created: 07.12.2022 19:28:04,modified: 01.09.2022 20:21:04 Command line: "C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe"
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	19424	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	3D6425EAFBA6A79070B05C217E714FB7	3786.41 kb, rsAh,created: 11.04.2022 13:47:49,modified: 05.12.2022 01:54:53 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	19436	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	3D6425EAFBA6A79070B05C217E714FB7	3786.41 kb, rsAh,created: 11.04.2022 13:47:49,modified: 05.12.2022 01:54:53 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	18504	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	3D6425EAFBA6A79070B05C217E714FB7	3786.41 kb, rsAh,created: 11.04.2022 13:47:49,modified: 05.12.2022 01:54:53 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	19128	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	3D6425EAFBA6A79070B05C217E714FB7	3786.41 kb, rsAh,created: 11.04.2022 13:47:49,modified: 05.12.2022 01:54:53 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	19240	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	3D6425EAFBA6A79070B05C217E714FB7	3786.41 kb, rsAh,created: 11.04.2022 13:47:49,modified: 05.12.2022 01:54:53 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	21120	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	3D6425EAFBA6A79070B05C217E714FB7	3786.41 kb, rsAh,created: 11.04.2022 13:47:49,modified: 05.12.2022 01:54:53 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	25536	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	3D6425EAFBA6A79070B05C217E714FB7	3786.41 kb, rsAh,created: 11.04.2022 13:47:49,modified: 05.12.2022 01:54:53 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	19556	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	22296	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	22632	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	22196	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	21900	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	21972	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	18648	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	20020	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	20468	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	5064	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	26192	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	5236	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.44\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	10876	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	E5E16B91F6F3D605CA1AF3682A9BCF58	3336.45 kb, rsAh,created: 07.12.2022 12:41:29,modified: 06.12.2022 13:27:05 Command line:
c:\program files\windowsapps\microsoftteams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe Script: Quarantine, Delete, Delete via BC, Terminate	20888	Microsoft Teams	Copyright (C) 2021 Microsoft Corporation. All rights reserved.	8A637964BBE5943EE8154FB4C7D3E712	10018.78 kb, rsAh,created: 07.12.2022 12:41:33,modified: 07.12.2022 12:41:39 Command line:
c:\windows\syswow64\nahimicsvc32.exe Script: Quarantine, Delete, Delete via BC, Terminate	15408		(c) Nahimic. All rights reserved.	9148A0015DC58CDD40C3A2D08EF91033	817.66 kb, rsAh,created: 08.12.2022 13:40:08,modified: 15.07.2022 00:40:02 Command line: C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe /start all /product A-Volute.28054DF1F58B4 /location C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules
c:\windows\syswow64\nahimicsvc32.exe Script: Quarantine, Delete, Delete via BC, Terminate	13204		(c) Nahimic. All rights reserved.	9148A0015DC58CDD40C3A2D08EF91033	817.66 kb, rsAh,created: 08.12.2022 13:40:08,modified: 15.07.2022 00:40:02 Command line: C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe /start all /product A-Volute.SonicStudio3 /location C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules
c:\program files (x86)\asus\armourydevice\dll\mbledsdk\noisecancelingengine.exe Script: Quarantine, Delete, Delete via BC, Terminate	7056	NoiseCancelingEngine	Copyright (C) 2020	DC835C992C6E0498EE7140A75862A309	1225.35 kb, rsAh,created: 09.12.2022 21:24:46,modified: 29.09.2022 17:09:40 Command line:
c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe Script: Quarantine, Delete, Delete via BC, Terminate	15676	NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	6F350196E54F49183693B8AFB39612CE	3264.04 kb, rsAh,created: 08.12.2022 17:25:10,modified: 17.10.2022 01:53:39 Command line:
c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe Script: Quarantine, Delete, Delete via BC, Terminate	15220	NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	6F350196E54F49183693B8AFB39612CE	3264.04 kb, rsAh,created: 08.12.2022 17:25:10,modified: 17.10.2022 01:53:39 Command line:
c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe Script: Quarantine, Delete, Delete via BC, Terminate	15072	NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	6F350196E54F49183693B8AFB39612CE	3264.04 kb, rsAh,created: 08.12.2022 17:25:10,modified: 17.10.2022 01:53:39 Command line:
c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe Script: Quarantine, Delete, Delete via BC, Terminate	12872	NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.	B562E89CA15E65E8040582A1481C1682	28757.05 kb, rsAh,created: 08.12.2022 17:25:08,modified: 13.10.2022 13:05:27 Command line: "C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
c:\program files\nvidia corporation\shadowplay\nvsphelper64.exe Script: Quarantine, Delete, Delete via BC, Terminate	15200	NVIDIA ShadowPlay Helper	(C) 2020 NVIDIA Corporation. All rights reserved.	27BC5D7CCE6446ACA668DBFB9A714FE4	829.05 kb, rsAh,created: 08.12.2022 17:25:11,modified: 17.10.2022 01:25:08 Command line:
c:\users\retox\appdata\local\microsoft\onedrive\onedrive.exe Script: Quarantine, Delete, Delete via BC, Terminate	18884	Microsoft OneDrive	© Microsoft Corporation. All rights reserved.	57D84697AC70502B19FEE262BFDB6D7E	2564.92 kb, rsAh,created: 07.12.2022 12:46:42,modified: 09.12.2022 17:55:08 Command line:
c:\program files (x86)\origin\originwebhelperservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	5596	OriginWebHelperService	Copyright (C) 2015	B5A5F0221607D4D864B2D7EDD2D3DCB0	3415.82 kb, rsAh,created: 08.12.2022 11:15:05,modified: 08.12.2022 11:14:55 Command line: "C:\Program Files (x86)\Origin\OriginWebHelperService.exe"
c:\program files (x86)\razer\synapse3\userprocess\razer synapse service process.exe Script: Quarantine, Delete, Delete via BC, Terminate	23104	Razer Synapse Service Process	Copyright © 2017	048FD59A5C632ED33B377E47A79B2D6D	373.02 kb, rsAh,created: 06.11.2022 22:58:08,modified: 06.11.2022 22:58:08 Command line: "C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe"
c:\program files (x86)\razer\synapse3\service\razer synapse service.exe Script: Quarantine, Delete, Delete via BC, Terminate	7976	Razer Synapse Service	Copyright © 2015	59EB547C7B5F5907B8AC43AA722201DB	293.51 kb, rsAh,created: 06.11.2022 22:57:58,modified: 06.11.2022 22:57:58 Command line: "C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe"
c:\program files (x86)\razer\razer services\razer central\razercentralservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	6484	Razer Central Service	Copyright © 2022 Razer Inc. All rights reserved.	9B12BCDE9677ABCC573320EDC300A190	525.30 kb, rsAh,created: 24.10.2022 00:04:36,modified: 24.10.2022 00:05:19 Command line: "C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe"
Registry.exe Script: Quarantine, Delete, Delete via BC, Terminate	296			X	error getting file info Command line:
c:\program files (x86)\asus\rog live service\rogliveservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	5524	ROG Live Service	Copyright (C) 2019	1EEF279EEA63E1F5B3E4182CCCA512DF	6581.11 kb, rsAh,created: 21.09.2022 16:53:30,modified: 21.09.2022 16:53:30 Command line:
c:\program files (x86)\samsung\samsung magician\samsungmagician.exe Script: Quarantine, Delete, Delete via BC, Terminate	20844	SamsungMagician	Copyright © 2022 Samsung Electronics Co., Ltd.	602DAEBBEF0DB24C656F4C34E429CDDA	118746.07 kb, rsAh,created: 07.12.2022 19:26:33,modified: 01.09.2022 20:20:24 Command line: "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,8936660032120864917,13910369302269643690,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\retox\AppData\Roaming\Samsung Magician" --mojo-platform-channel-handle=1960 /prefetch:8
c:\program files (x86)\samsung\samsung magician\samsungmagician.exe Script: Quarantine, Delete, Delete via BC, Terminate	20132	SamsungMagician	Copyright © 2022 Samsung Electronics Co., Ltd.	602DAEBBEF0DB24C656F4C34E429CDDA	118746.07 kb, rsAh,created: 07.12.2022 19:26:33,modified: 01.09.2022 20:20:24 Command line: "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" --type=renderer --user-data-dir="C:\Users\retox\AppData\Roaming\Samsung Magician" --app-path="C:\Program Files (x86)\Samsung\Samsung Magician\resources\app" --no-sandbox --no-zygote --field-trial-handle=1636,8936660032120864917,13910369302269643690,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
c:\program files (x86)\samsung\samsung magician\samsungmagician.exe Script: Quarantine, Delete, Delete via BC, Terminate	24556	SamsungMagician	Copyright © 2022 Samsung Electronics Co., Ltd.	602DAEBBEF0DB24C656F4C34E429CDDA	118746.07 kb, rsAh,created: 07.12.2022 19:26:33,modified: 01.09.2022 20:20:24 Command line: "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
c:\program files (x86)\samsung\samsung magician\samsungmagician.exe Script: Quarantine, Delete, Delete via BC, Terminate	19592	SamsungMagician	Copyright © 2022 Samsung Electronics Co., Ltd.	602DAEBBEF0DB24C656F4C34E429CDDA	118746.07 kb, rsAh,created: 07.12.2022 19:26:33,modified: 01.09.2022 20:20:24 Command line: "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" --type=gpu-process --field-trial-handle=1636,8936660032120864917,13910369302269643690,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\retox\AppData\Roaming\Samsung Magician" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 /prefetch:2
c:\program files (x86)\samsung\samsung magician\samsungmagiciansvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	6304	SamsungMagicianSVC	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	F5E84F13B6DE7150E5D1091B22E684E1	363.07 kb, rsAh,created: 07.12.2022 19:26:26,modified: 01.09.2022 20:20:24 Command line: "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe"
c:\program files (x86)\steam\steam.exe Script: Quarantine, Delete, Delete via BC, Terminate	14308	Steam	Copyright (C) 2021 Valve Corporation	0B478CFEE9764C3076C9DBD851E75135	4145.85 kb, rsAh,created: 21.03.2022 21:23:12,modified: 01.12.2022 17:46:38 Command line: "C:\Program Files (x86)\Steam\steam.exe" -- "steam://rungameid/1361210"
c:\program files (x86)\common files\steam\steamservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	13856	Steam Client Service	Copyright (C) Valve Corporation	18EC798F702D00E176A9B9C1F1115865	2601.35 kb, rsAh,created: 07.12.2022 13:16:28,modified: 01.12.2022 17:46:38 Command line: "C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /RunAsService
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	13708	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204.85 kb, rsAh,created: 07.12.2022 13:16:43,modified: 01.12.2022 17:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	18064	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204.85 kb, rsAh,created: 07.12.2022 13:16:43,modified: 01.12.2022 17:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	18180	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204.85 kb, rsAh,created: 07.12.2022 13:16:43,modified: 01.12.2022 17:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	17720	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204.85 kb, rsAh,created: 07.12.2022 13:16:43,modified: 01.12.2022 17:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	14012	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204.85 kb, rsAh,created: 07.12.2022 13:16:43,modified: 01.12.2022 17:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	13728	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204.85 kb, rsAh,created: 07.12.2022 13:16:43,modified: 01.12.2022 17:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	13608	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204.85 kb, rsAh,created: 07.12.2022 13:16:43,modified: 01.12.2022 17:46:42 Command line:
c:\program files\windowsapps\microsoftwindows.client.webexperience_421.20070.765.0_x64__cw5n1h2txyewy\dashboard\widgets.exe Script: Quarantine, Delete, Delete via BC, Terminate	10656		© Microsoft Corporation. All rights reserved.	17694634783A1A3C904595150808FB3E	1691.75 kb, rsAh,created: 07.12.2022 13:01:34,modified: 07.12.2022 13:01:35 Command line:
c:\windows\syswow64\wbem\wmiprvse.exe Script: Quarantine, Delete, Delete via BC, Terminate	8668	WMI Provider Host	© Microsoft Corporation. All rights reserved.	FC55B651CE2C68109F29B2350598AC44	406.00 kb, rsAh,created: 07.05.2022 00:19:56,modified: 07.05.2022 00:19:56 Command line: C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Detected:274, recognized as trusted 152

Module name	Handle	Description	Copyright	Information	Used by processes
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\ACLOGGER.dll Script: Quarantine, Delete, Delete via BC	1732771840	AcLogger	Copyright (C) 2021	MD5=AD8B5D3D605A5D1C8187A71D4ED1B9B8 61.85 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:31:52	9368
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOSDK.dll Script: Quarantine, Delete, Delete via BC	1456340992	TODO: <File description>	Copyright (C) 2018	MD5=360210555F16AA09F324CA90F8770768 1263.86 kb, rsAh, created: 09.12.2022 21:24:39, modified: 24.08.2022 16:08:04	14284, 15664
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\aaHMLib.dll Script: Quarantine, Delete, Delete via BC	287637504			MD5=BF92D623621EA8FE0D2C7B64DA5DD6A2 659.85 kb, rsAh, created: 09.12.2022 21:25:14, modified: 01.11.2022 17:23:00	15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\ArmouryAiSuiteSDK.dll Script: Quarantine, Delete, Delete via BC	1464401920			MD5=19D493E2FCC2004E241C103A953FBDB6 780.85 kb, rsAh, created: 09.12.2022 21:25:14, modified: 01.11.2022 17:22:48	14284, 15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\ASUS_WMI.dll Script: Quarantine, Delete, Delete via BC	1357447168			MD5=9D4A84F492F6A30B0D2D17A8AEA981B3 231.81 kb, rsAh, created: 09.12.2022 21:25:14, modified: 31.10.2022 09:48:40	15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\ATKEX.dll Script: Quarantine, Delete, Delete via BC	1357316096			MD5=CAC34AB139FCBC3CE89B9CDE1720BB64 88.35 kb, rsAh, created: 09.12.2022 21:25:14, modified: 01.11.2022 17:22:56	15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\DIP4FanCalibration.dll Script: Quarantine, Delete, Delete via BC	275185664			MD5=00D7C389A07C3809F7EE10E7E18E88F8 1199.35 kb, rsAh, created: 09.12.2022 21:25:14, modified: 01.11.2022 17:23:08	14284, 15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\FanInfofromProtocol.dll Script: Quarantine, Delete, Delete via BC	1403650048			MD5=AC4E117EC84AD110CBD565ECB634B4C4 1131.85 kb, rsAh, created: 09.12.2022 21:25:15, modified: 01.11.2022 17:23:10	15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\PEbiosinterface32.dll Script: Quarantine, Delete, Delete via BC	2008743936			MD5=30FE7BD94908E26C6B0BBCE19C294B1B 56.55 kb, rsAh, created: 09.12.2022 23:28:10, modified: 09.12.2022 23:31:57	15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AiSuiteSDK\swInterface.dll Script: Quarantine, Delete, Delete via BC	1460731904			MD5=7FFE5494FC1A06CA5F3ED562811A75B1 1559.35 kb, rsAh, created: 09.12.2022 21:25:15, modified: 01.11.2022 17:22:52	14284, 15696
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySDK.dll Script: Quarantine, Delete, Delete via BC	1490223104	ArmourySDK.dll	Copyright (C) 2018	MD5=ED8B8E02469D943250415F963FE5BAD1 469.85 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:26:20	14284
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\ArmouryMBLedSDK.dll Script: Quarantine, Delete, Delete via BC	1457651712			MD5=E972FBFE898CEB38C504140D12060FE7 2821.35 kb, rsAh, created: 09.12.2022 21:24:45, modified: 29.09.2022 17:11:58	14284, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\AcSwFuncSupportTools.dll Script: Quarantine, Delete, Delete via BC	1427046400	TODO: <File description>	Copyright (C) 2022	MD5=7CCCB14FA97DF9B9C25186AB4DB51035 281.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:31:26	15560
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ac_node_addon\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1727070208			MD5=3DCDF9D429639DA41927B9881201CECF 510.00 kb, rsAh, created: 09.12.2022 21:20:34, modified: 01.09.2022 09:47:56	14284, 8076, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1491664896			MD5=8C1F13C534F03B99216D3661D9D76177 508.00 kb, rsAh, created: 09.12.2022 21:20:34, modified: 01.09.2022 09:47:56	14284, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\node-system-fonts\build\Release\system-fonts.node Script: Quarantine, Delete, Delete via BC	1607073792			MD5=7803E1BA302BD136521B5C7431FE7345 472.00 kb, rsAh, created: 09.12.2022 21:20:34, modified: 01.09.2022 09:47:56	14284, 8076, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1492647936			MD5=F6DBED2C49113D2E987B342442B5AADD 498.50 kb, rsAh, created: 09.12.2022 21:20:34, modified: 01.09.2022 09:47:56	14284, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libglib-2.0-0.dll Script: Quarantine, Delete, Delete via BC	1538129920	GLib	Copyright 1995-2011 Peter Mattis, Spencer Kimball, Josh MacDonald and others.	MD5=0D8A0F42BF590B818CB9CA2A6D3318CC 1446.86 kb, rsAh, created: 09.12.2022 21:20:34, modified: 27.09.2022 14:56:26	14284, 8076, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libgobject-2.0-0.dll Script: Quarantine, Delete, Delete via BC	1545011200	GObject	Copyright 1998-2011 Tim Janik, Red Hat, Inc. and others	MD5=E2B76F85F925076A0C92DBA22D977F33 255.86 kb, rsAh, created: 09.12.2022 21:20:34, modified: 27.09.2022 14:56:26	14284, 8076, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libvips-42.dll Script: Quarantine, Delete, Delete via BC	1514274816			MD5=A36ABC4B9D65041FD9F5715F5F8430E0 19819.36 kb, rsAh, created: 09.12.2022 21:20:34, modified: 27.09.2022 14:56:26	14284, 8076, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libvips-cpp.dll Script: Quarantine, Delete, Delete via BC	1544617984			MD5=23EB7303CEF753B2F04C1B0D5B411656 318.36 kb, rsAh, created: 09.12.2022 21:20:34, modified: 27.09.2022 14:56:26	14284, 8076, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1548156928			MD5=7A3651A99C9B034B046717D3525A45B2 312.00 kb, rsAh, created: 09.12.2022 21:20:34, modified: 27.09.2022 14:56:26	14284, 8076, 15664, 15696, 15768
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\usb-detection\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1509425152			MD5=486F13C12C51E6E0B210B7279059929B 768.00 kb, rsAh, created: 09.12.2022 21:20:34, modified: 01.09.2022 09:47:56	8076
C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.19\ACPIWMI.dll Script: Quarantine, Delete, Delete via BC	1752039424	ASUS WMI Interface	ASUSTeK COMPUTER INC.	MD5=DF378DD73C27C3A5A467E4118C433AA7 8731.45 kb, rsAh, created: 07.12.2022 13:02:29, modified: 01.11.2022 17:05:24	6680
C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.19\cpuidsdk.dll Script: Quarantine, Delete, Delete via BC	1401618432	CPUID DLL SDK	Copyright (C) 2009-2022	MD5=5C7583F4374E30DACF9A097C3D605A24 1920.90 kb, rsAh, created: 07.12.2022 13:02:29, modified: 01.11.2022 17:05:24	6680
C:\Program Files (x86)\ASUS\AXSP\4.02.22\AsIO.dll Script: Quarantine, Delete, Delete via BC	1954217984		Copyright (C) 2020	MD5=C5FC4348FC5ABB689E16A415E6616D9F 522.02 kb, rsAh, created: 07.12.2022 13:02:28, modified: 31.10.2022 09:50:26	15696, 3440
C:\Program Files (x86)\ASUS\AXSP\4.02.22\ATKEX.dll Script: Quarantine, Delete, Delete via BC	1957625856			MD5=7EF346BFFA67AD91AF7938895BE03EED 88.35 kb, rsAh, created: 07.12.2022 13:02:28, modified: 31.10.2022 09:50:26	3440
C:\Program Files (x86)\ASUS\AXSP\4.02.22\PEbiosinterface32.dll Script: Quarantine, Delete, Delete via BC	1948778496			MD5=30FE7BD94908E26C6B0BBCE19C294B1B 56.55 kb, rsAh, created: 07.12.2022 13:02:28, modified: 09.12.2022 23:31:36	3440
C:\Program Files (x86)\ASUS\GameSDK Service\cpprest141_2_10.dll Script: Quarantine, Delete, Delete via BC	1884487680			MD5=39990F5BF0E80B3CB750165B87EACDD3 2552.73 kb, rsAh, created: 31.05.2022 13:19:38, modified: 31.05.2022 13:19:38	6404
C:\Program Files (x86)\Common Files\Steam\SteamService.dll Script: Quarantine, Delete, Delete via BC	1539637248	Steam Client Service Library	Copyright (C) Valve Corporation	MD5=29201977DA13E47538D2F8FC94A6B083 3267.35 kb, rsAh, created: 07.12.2022 13:16:51, modified: 01.12.2022 17:46:38	13856
C:\Program Files (x86)\Intel\Driver and Support Assistant\DSACoreInterop.dll Script: Quarantine, Delete, Delete via BC	1669398528			MD5=D955BCAA132DF538EFF49BCF37B2C067 394.27 kb, rsAh, created: 26.10.2022 10:03:20, modified: 26.10.2022 10:03:20	5544
C:\Program Files (x86)\Intel\Driver and Support Assistant\DSASsdInterop.dll Script: Quarantine, Delete, Delete via BC	1664942080			MD5=70EF11B6465ADF8EA4277F843EE35BA8 135.77 kb, rsAh, created: 26.10.2022 10:03:32, modified: 26.10.2022 10:03:32	5544
C:\Program Files (x86)\LightingService\log4cxx.dll Script: Quarantine, Delete, Delete via BC	1764360192	Apache log4cxx	Licensed to the Apache Software Foundation (ASF) under one or morecontributor license agreements. See the NOTICE file distributed withthis work for additional information regarding copyright ownership.The ASF licenses this file to You under the Apache License, Version 2.0(the "License"); you may not use this file except in compliance withthe License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.	MD5=894183AA5B2335CA6AC07709BD158728 2801.52 kb, rsAh, created: 29.04.2022 16:50:18, modified: 29.04.2022 16:50:18	7092
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll Script: Quarantine, Delete, Delete via BC	1504772096			MD5=7B015743537D4A25DE32C8B28F09EE7F 1002.04 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 10:05:50	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node Script: Quarantine, Delete, Delete via BC	1510277120	Downloader module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=DD2EE5737FC44D2A2298749B6630F63C 3684.54 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:36	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node Script: Quarantine, Delete, Delete via BC	1537212416	DriverInstall module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=FD337F667D660BAC5B543D17D929999F 582.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:27	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvABHubAPI.node Script: Quarantine, Delete, Delete via BC	1508114432	AbHubAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=A78A88664B23F92DB072788EEBE0CE0E 371.54 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:27	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node Script: Quarantine, Delete, Delete via BC	1547567104	NvAccountAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=95AC0B09133C30DB9260AFB25DCA2014 531.54 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:28	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node Script: Quarantine, Delete, Delete via BC	1554382848	NVIDIA Backend API for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=6B6D64B0BBE3232EA150B034288C30F5 539.04 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:28	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node Script: Quarantine, Delete, Delete via BC	1493237760	NvCameraAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=A5B99DF6023AC5209C3938A29475B944 1197.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:28	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node Script: Quarantine, Delete, Delete via BC	1495007232	NvGalleryAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=2714A70EC2652097F928F9BA3062D7F8 571.55 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:32	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node Script: Quarantine, Delete, Delete via BC	1507590144	Nvidia GFE node for Gamestream	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=600A9EA2D2C9823A4874F7717FBBB5AA 487.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:32	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node Script: Quarantine, Delete, Delete via BC	1406271488	NvSDKAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=C109A597E0C86600A5672208FBBB920B 2091.04 kb, rsAh, created: 08.12.2022 17:25:09, modified: 13.10.2022 13:05:35	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvShadowPlayAPINode.node Script: Quarantine, Delete, Delete via BC	1490812928	NvShadowPlayAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=BE42C024DC86B552B393CB34D5737476 694.05 kb, rsAh, created: 08.12.2022 17:25:09, modified: 13.10.2022 13:05:35	12872
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node Script: Quarantine, Delete, Delete via BC	1737162752	NVIDIA Utilities for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=2F8D09390F230144E1D3C457225D298D 454.05 kb, rsAh, created: 08.12.2022 17:25:09, modified: 13.10.2022 13:05:36	12872
C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\NvGfeServiceBridge.dll Script: Quarantine, Delete, Delete via BC	1506148352	NVIDIA Streamer Server Component	(C) 2022 NVIDIA Corporation. All rights reserved.	MD5=638DC600050BCFC5CDAC29703A88FFF2 1352.54 kb, rsAh, created: 08.12.2022 18:41:00, modified: 04.08.2022 01:53:47	12872
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll Script: Quarantine, Delete, Delete via BC	1494482944	NVIDIA Telemetry API	(C) 2022 NVIDIA Corporation. All rights reserved.	MD5=ABACD97967D0B8AA7C2D45B4DC799176 473.62 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:23	12872
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryBridge32.dll Script: Quarantine, Delete, Delete via BC	1492254720	NVIDIA Telemetry Bridge	(C) 2022 NVIDIA Corporation. All rights reserved.	MD5=57F8CC4CDD90B6821ECDEC622DD3156A 333.62 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:23	12872
C:\Program Files (x86)\NVIDIA Corporation\ShadowPlay\IpcCommon.dll Script: Quarantine, Delete, Delete via BC	1487339520	NVIDIA IpcCommon	(C) NVIDIA Corporation. All rights reserved.	MD5=2C29ED7381BD63A72D45B35350E9DF65 751.05 kb, rsAh, created: 08.12.2022 17:25:11, modified: 17.10.2022 01:25:20	12872
C:\Program Files (x86)\NVIDIA Corporation\ShadowPlay\nvspapi.dll Script: Quarantine, Delete, Delete via BC	1488125952	NVIDIA ShadowPlay API	(C) NVIDIA Corporation. All rights reserved.	MD5=94A686BEC105CEBA7D9B7B100923E69F 2007.04 kb, rsAh, created: 08.12.2022 17:25:11, modified: 17.10.2022 01:25:22	12872
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackendAPI32.dll Script: Quarantine, Delete, Delete via BC	1508507648	NVIDIA Backend API	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=C1459866A7619180D4369F755CF001E0 843.55 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:19	12872
C:\Program Files (x86)\Razer\Synapse3\Service\cpprest140_2_10.dll Script: Quarantine, Delete, Delete via BC	1396441088	A Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design	Copyright (c) Microsoft Corporation.	MD5=6E9049EC64C7515CDFD195BCFF0E7AB1 4514.51 kb, rsAh, created: 06.11.2022 22:57:50, modified: 06.11.2022 22:57:50	7976
C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll Script: Quarantine, Delete, Delete via BC	1357709312			MD5=0DBF095C5831D8CCC13DAF08F9130E9B 554.13 kb, rsAh, created: 06.11.2022 22:49:24, modified: 06.11.2022 22:49:24	23104
C:\Program Files (x86)\Razer\Synapse3\UserProcess\Synapse3.UserInteractive.DeviceDetection.dll Script: Quarantine, Delete, Delete via BC	1344929792			MD5=873857F06A8392B1AEB056CF98B667F8 176.51 kb, rsAh, created: 06.11.2022 22:58:06, modified: 06.11.2022 22:58:06	23104
C:\Program Files (x86)\Samsung\Samsung Magician\BCOM.dll Script: Quarantine, Delete, Delete via BC	1806958592	BCOM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=47050B2A274FEA12E359826F3BFF2F55 2072.07 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:32	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BDD.dll Script: Quarantine, Delete, Delete via BC	1611661312	BDD	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=A599EE8E393177C4276BCA44D0187BF1 137.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:28	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BDIM.dll Script: Quarantine, Delete, Delete via BC	1822294016	BDIM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=4691C07A475CECB5434CC73A766B62FA 182.06 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:34	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BDIS.dll Script: Quarantine, Delete, Delete via BC	1611071488	BDIS	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=776B40179E0700784E668C97DC44111A 100.07 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:46	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BDM.dll Script: Quarantine, Delete, Delete via BC	1606156288	BDM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=8D8CB13E474ECDA7CCF48CF78074F51E 64.06 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:21:04	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BDS.dll Script: Quarantine, Delete, Delete via BC	1609433088	BDS	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=9F66765E081F6CC982B7211C3942FC2C 46.06 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:50	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BFIT.dll Script: Quarantine, Delete, Delete via BC	1613692928	BFIT	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=B147F4F4FBFAAF64A415C58E39734463 1865.57 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:42	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BHOME.dll Script: Quarantine, Delete, Delete via BC	1711013888	BHOME	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=2FD251E74B8A7E782BF70BC690F48990 89.57 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:28	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BOVG.dll Script: Quarantine, Delete, Delete via BC	1610612736	BOVG	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=1B92100425968D019555853E34E75CB2 212.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:52	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BPB.dll Script: Quarantine, Delete, Delete via BC	1664548864	BPB	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=C40A1DAA85882CED7A605D7544A2E231 111.56 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:44	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BPO.dll Script: Quarantine, Delete, Delete via BC	1727004672	BPO	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=4480381F241306A6945BC21323FC3979 49.57 kb, rsAh, created: 07.12.2022 19:28:02, modified: 01.09.2022 20:20:52	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BPR.dll Script: Quarantine, Delete, Delete via BC	1704198144	BPR	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=2A4B4CB288CA525F996CCD2522E3233D 63.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:48	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BPSSD.dll Script: Quarantine, Delete, Delete via BC	1669857280	BPSSD	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=24A34D1A7116C19DD7BF3B7BF4E118FD 173.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:54	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BSE.dll Script: Quarantine, Delete, Delete via BC	1609760768	BSE	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=6686CF1592FF213D6EE40EFDB157FCF2 673.07 kb, rsAh, created: 07.12.2022 19:28:02, modified: 01.09.2022 20:20:46	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BSIM.dll Script: Quarantine, Delete, Delete via BC	1859059712	BSIM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=E51BCD70C8E96ACC430CDBFB0381F1BE 436.06 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:34	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BUPPLC.dll Script: Quarantine, Delete, Delete via BC	1832255488	BUPPLC	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=DAC53A333C9B0280F6F86DE7FA81F85E 66.06 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:32	6304
C:\Program Files (x86)\Samsung\Samsung Magician\BVM.dll Script: Quarantine, Delete, Delete via BC	1813905408	BVM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=106239AE255A604FD17BC8D478D361D8 419.06 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:32	6304
C:\Program Files (x86)\Samsung\Samsung Magician\DDF.dll Script: Quarantine, Delete, Delete via BC	1611857920	DDF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=9119C9A315E45F81F6E53CB5148C2F6A 167.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:28	6304
C:\Program Files (x86)\Samsung\Samsung Magician\DISF.dll Script: Quarantine, Delete, Delete via BC	1611202560	DISF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=BCE2B9160E855C78B738E2A9D1644B33 178.06 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:46	6304
C:\Program Files (x86)\Samsung\Samsung Magician\DMF.dll Script: Quarantine, Delete, Delete via BC	1606287360	DMF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=AA7AA917510B01FAFF97883C6810D715 134.07 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:21:04	6304
C:\Program Files (x86)\Samsung\Samsung Magician\DSF.dll Script: Quarantine, Delete, Delete via BC	1609498624	DSF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=0BB71CD305F39CA9E799DC9622328894 104.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:50	6304
C:\Program Files (x86)\Samsung\Samsung Magician\FBM.dll Script: Quarantine, Delete, Delete via BC	1862139904	FBM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=40B52C11DCCE1293861C84B51495925C 41.06 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:26	6304
C:\Program Files (x86)\Samsung\Samsung Magician\ffmpeg.dll Script: Quarantine, Delete, Delete via BC	2066481152			MD5=9702E03C357B4961C4298A35E4501B2A 2506.50 kb, rsAh, created: 07.12.2022 19:28:10, modified: 01.09.2022 20:13:38	20844, 20132, 24556, 19592
C:\Program Files (x86)\Samsung\Samsung Magician\FITF.dll Script: Quarantine, Delete, Delete via BC	1726873600	FITF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=A7DF8F76DDE162EB038CC3C9BE3FB7BD 101.07 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:42	6304
C:\Program Files (x86)\Samsung\Samsung Magician\FITP.dll Script: Quarantine, Delete, Delete via BC	1873215488	FITP	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=FE79203489D29D5DF3817C40207BE086 94.57 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:42	6304
C:\Program Files (x86)\Samsung\Samsung Magician\FMM.dll Script: Quarantine, Delete, Delete via BC	1873870848	FMM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=97489CCC77658F523A639284BA3113E8 96.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:26	6304
C:\Program Files (x86)\Samsung\Samsung Magician\HashChecker.dll Script: Quarantine, Delete, Delete via BC	1813774336	HashChecker	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=02D35235D2695CFF4384B1821A81CC6F 54.07 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:36	6304
C:\Program Files (x86)\Samsung\Samsung Magician\HELPF.dll Script: Quarantine, Delete, Delete via BC	1607598080	HELPF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=6E6950DC0EB1D2101CBCDDEB1B9A15DC 36.56 kb, rsAh, created: 07.12.2022 19:28:10, modified: 01.09.2022 20:21:34	6304
C:\Program Files (x86)\Samsung\Samsung Magician\HOMEF.dll Script: Quarantine, Delete, Delete via BC	1612382208	HOMEF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=8F5B8FB71341DFF1592274A919449CE9 1020.56 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:26	6304
C:\Program Files (x86)\Samsung\Samsung Magician\libegl.dll Script: Quarantine, Delete, Delete via BC	2025717760	ANGLE libEGL Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=5FF7AC1B20534E522B4655BF161AE182 349.50 kb, rsAh, created: 07.12.2022 19:28:11, modified: 01.09.2022 20:13:38	19592
C:\Program Files (x86)\Samsung\Samsung Magician\libglesv2.dll Script: Quarantine, Delete, Delete via BC	2015625216	ANGLE libGLESv2 Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=89AA4A03BF9A949970AF3658F147E2BB 6669.50 kb, rsAh, created: 07.12.2022 19:28:11, modified: 01.09.2022 20:13:38	19592
C:\Program Files (x86)\Samsung\Samsung Magician\Logger.dll Script: Quarantine, Delete, Delete via BC	1832386560	LOGGER	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=37A7C78F75155518B4613F852AEB938E 104.57 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:40	6304
C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigDLL.dll Script: Quarantine, Delete, Delete via BC	1789067264	MigDLL	Copyright (C) 2020	MD5=665D68216B86A5D9EB04C616475C4D69 496.07 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:21:28	6780
C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\Restore.dll Script: Quarantine, Delete, Delete via BC	1818296320	WinClon Engine	Copyright (C) 2020 by Clonix Co.,Ltd.	MD5=F9C6A4A96C79C848F8A27D173F732A77 1997.56 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:21:30	6780
C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\SSDInfo.dll Script: Quarantine, Delete, Delete via BC	1804795904			MD5=1713D280FE59A37EA0A2C2F8D36A494D 2034.57 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:21:30	6780
C:\Program Files (x86)\Samsung\Samsung Magician\OVGF.dll Script: Quarantine, Delete, Delete via BC	1610874880	OVGF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=877D9A364E4EF0EB31C402DF62D7AE30 132.06 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:52	6304
C:\Program Files (x86)\Samsung\Samsung Magician\PBF.dll Script: Quarantine, Delete, Delete via BC	1611399168	PBF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=223D14EB29BAA0CFD7A958C378963C85 207.56 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:44	6304
C:\Program Files (x86)\Samsung\Samsung Magician\POF.dll Script: Quarantine, Delete, Delete via BC	1732575232	SPOF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=3A3DE07AF07B683ADCBE6A700D515D01 177.07 kb, rsAh, created: 07.12.2022 19:28:02, modified: 01.09.2022 20:20:52	6304
C:\Program Files (x86)\Samsung\Samsung Magician\PRF.dll Script: Quarantine, Delete, Delete via BC	1609629696	PRF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=848622EC84D2EA2BA16D4B5909DEA5D8 120.07 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:48	6304
C:\Program Files (x86)\Samsung\Samsung Magician\PSSDF.dll Script: Quarantine, Delete, Delete via BC	1668218880	PSSDF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=9FCD5553BF44A2CA33B7D40CC2FA9B50 222.57 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:20:54	6304
C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magutils-napi.node Script: Quarantine, Delete, Delete via BC	2071658496			MD5=C725327FCFDDDD80CCAB16867F55FB45 95.00 kb, rsAh, created: 07.12.2022 19:28:14, modified: 01.09.2022 20:13:40	24556
C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magvibrancy-napi.node Script: Quarantine, Delete, Delete via BC	2071527424			MD5=B63C521A807DF80AE4C6AC05106F81C2 85.00 kb, rsAh, created: 07.12.2022 19:28:14, modified: 01.09.2022 20:13:40	24556
C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\uimpewrapper-napi.node Script: Quarantine, Delete, Delete via BC	2071789568			MD5=141EBFC2A492DAE1007FF4352F7A9B36 551.50 kb, rsAh, created: 07.12.2022 19:28:14, modified: 01.09.2022 20:13:42	24556
C:\Program Files (x86)\Samsung\Samsung Magician\SCF.dll Script: Quarantine, Delete, Delete via BC	1609105408	SCF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=F5FE2BAA2D6A133CE6E79BE3B5344F47 259.56 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:44	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SEF.dll Script: Quarantine, Delete, Delete via BC	1610481664	SEF	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=26234BAF2B94176BB2243467BBEC3536 118.06 kb, rsAh, created: 07.12.2022 19:26:24, modified: 01.09.2022 20:20:44	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILA00.dll Script: Quarantine, Delete, Delete via BC	1748107264	SILA00	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=1B95C0ACDA793E0E516E538A5536C8FE 203.07 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:38	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILA01.dll Script: Quarantine, Delete, Delete via BC	1751777280	SILA01	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=58E2629EDDFCB727673957256B2A2017 61.57 kb, rsAh, created: 07.12.2022 19:26:26, modified: 01.09.2022 20:20:50	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILA03.dll Script: Quarantine, Delete, Delete via BC	1747845120	SILA03	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=8ACDAB8B57873CA796D360400A783D10 52.57 kb, rsAh, created: 07.12.2022 19:26:24, modified: 01.09.2022 20:20:54	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILA05.dll Script: Quarantine, Delete, Delete via BC	1747779584	SILA05	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=55C0399960E1E314BC23C6AAAEA57480 64.07 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:46	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILA06.dll Script: Quarantine, Delete, Delete via BC	1747714048	SILA06	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=D80CC435C1E19B0C7DB75A533EE64A5F 63.07 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:48	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILA07.dll Script: Quarantine, Delete, Delete via BC	1747451904	SILA07	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=A7DAC65940641B04A0D4B8EDFF80A9AC 192.57 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:38	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILAL.dll Script: Quarantine, Delete, Delete via BC	1747910656	SILAL	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=49B5829C382A8F372FA8682F0A146CD7 152.57 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:36	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILM.dll Script: Quarantine, Delete, Delete via BC	1822097408	SILM	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=B5EA8604610DD0CC08F95528A61D3866 84.07 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:36	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN00.dll Script: Quarantine, Delete, Delete via BC	1747189760	SILN00	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=88185F4CCF3DF74FCAB91DBEC177E2BA 207.06 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:38	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN03.dll Script: Quarantine, Delete, Delete via BC	1746927616	SILN03	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=65922DCE2F7E3880B46B2D18F6816535 60.57 kb, rsAh, created: 07.12.2022 19:26:24, modified: 01.09.2022 20:20:54	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN04.dll Script: Quarantine, Delete, Delete via BC	1746862080	SILN04	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=397FFE7CCC1170E76A748B93E11C3320 59.57 kb, rsAh, created: 07.12.2022 19:26:26, modified: 01.09.2022 20:20:52	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN05.dll Script: Quarantine, Delete, Delete via BC	1746796544	SILN05	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=8E89C203B6BB8C0AC9256D33A1DEA328 60.57 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:48	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN06.dll Script: Quarantine, Delete, Delete via BC	1746665472	SILN06	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=2F4A0DFC84B1791ED23247D92052F760 127.56 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:50	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN07.dll Script: Quarantine, Delete, Delete via BC	1746206720	SILN07	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=BE23E1E0FE6431F45AD7E2D0826D3798 435.06 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:38	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN08.dll Script: Quarantine, Delete, Delete via BC	1746141184	SILN08	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=6DB8F6678937953214D9BEC8AC15C253 46.06 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:21:02	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILN09.dll Script: Quarantine, Delete, Delete via BC	1746075648	SILN09	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=9A6D03CA1FB46BB7DB1B983352B57F18 53.57 kb, rsAh, created: 07.12.2022 19:28:05, modified: 01.09.2022 20:20:42	6304
C:\Program Files (x86)\Samsung\Samsung Magician\SILNL.dll Script: Quarantine, Delete, Delete via BC	1746993152	SILNL	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=7EB41BE049BA1B55EF0A8D06EC76123F 178.06 kb, rsAh, created: 07.12.2022 19:26:27, modified: 01.09.2022 20:20:36	6304
C:\Program Files (x86)\Samsung\Samsung Magician\UIMP.dll Script: Quarantine, Delete, Delete via BC	1887174656	UIMP	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED	MD5=D06B3EA710423D06B662C2C94E7B8C41 436.06 kb, rsAh, created: 07.12.2022 19:26:26, modified: 01.09.2022 20:20:26	6304
C:\Program Files (x86)\Steam\bin\chromehtml.DLL Script: Quarantine, Delete, Delete via BC	1548550144			MD5=E0CAF5750C904780A70BDE25CEAE0BCC 1270.85 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:38	14308
C:\Program Files (x86)\Steam\bin\filesystem_stdio.DLL Script: Quarantine, Delete, Delete via BC	1550843904	FileSystem_Stdio.dll	Copyright (C) 2005 Valve Corporation	MD5=7AC8E293BDA4ED40DB2F4AF9730BF48A 192.35 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:38	14308
c:\program files (x86)\steam\bin\friendsui.DLL Script: Quarantine, Delete, Delete via BC	1446969344	Steam Friends UI	Copyright (C) 2005 Valve Corporation	MD5=50ED1F9874ADDFD508F8592C001497A9 5068.35 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:38	14308
c:\program files (x86)\steam\bin\serverbrowser.DLL Script: Quarantine, Delete, Delete via BC	1444806656	Steam Server Browser Library	Copyright (C) 2008 Valve Corporation	MD5=61B815101B45CE3B16CDB21F72ADCE7E 2066.35 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:38	14308
C:\Program Files (x86)\Steam\bin\vgui2_s.DLL Script: Quarantine, Delete, Delete via BC	1549926400	vgui2_s.dll	Copyright (C) 2007 Valve Corporation	MD5=3938B6125091AA5B76B48CC85B97ED7E 819.85 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:40	14308
C:\Program Files (x86)\Steam\crashhandler.dll Script: Quarantine, Delete, Delete via BC	1601961984	Steam Crash Handler Library	Copyright (C) 2010	MD5=930E9BB656F2559E7BA051856C7FA6DF 368.85 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:40	14308
C:\Program Files (x86)\Steam\libavcodec-58.dll Script: Quarantine, Delete, Delete via BC	1564540928			MD5=37ED5037B4CEF56BB5697DD575F3E62E 4314.39 kb, rsAh, created: 07.12.2022 13:16:43, modified: 18.07.2022 11:52:18	14308
C:\Program Files (x86)\Steam\libavformat-58.dll Script: Quarantine, Delete, Delete via BC	1563230208			MD5=956B17A1E7508007823DE8970CBCAACF 1215.89 kb, rsAh, created: 07.12.2022 13:16:43, modified: 18.07.2022 11:52:18	14308
C:\Program Files (x86)\Steam\libavresample-4.dll Script: Quarantine, Delete, Delete via BC	1561657344			MD5=1ADC683960FE451F144FC016AB2868D4 578.39 kb, rsAh, created: 07.12.2022 13:16:43, modified: 18.07.2022 11:52:18	14308
C:\Program Files (x86)\Steam\libavutil-56.dll Script: Quarantine, Delete, Delete via BC	1557725184			MD5=8073FCC89965725B55D8326F509CCC4A 1263.89 kb, rsAh, created: 07.12.2022 13:16:43, modified: 18.07.2022 11:52:18	14308
C:\Program Files (x86)\Steam\libswscale-5.dll Script: Quarantine, Delete, Delete via BC	1556611072			MD5=5D713A62B0940905DD2CA1785FD86FA4 1020.39 kb, rsAh, created: 07.12.2022 13:16:43, modified: 18.07.2022 11:52:18	14308
C:\Program Files (x86)\Steam\SDL2.dll Script: Quarantine, Delete, Delete via BC	1581121536	SDL	Copyright (C) 2022 Sam Lantinga	MD5=7DEBBAEE9B6D3579DD2AC4C11A8D7DC6 1241.85 kb, rsAh, created: 07.12.2022 13:16:43, modified: 30.11.2022 18:56:00	14308
C:\Program Files (x86)\Steam\steamclient.dll Script: Quarantine, Delete, Delete via BC	1468137472	Steamclient.dll	Copyright (C) 2005 Valve Corporation	MD5=C0FA84B1244BE2BBB26964647B953A4E 18458.85 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:40	14308
C:\Program Files (x86)\Steam\steamui.dll Script: Quarantine, Delete, Delete via BC	1582432256	SteamUI Dynamic Link Library	Copyright (C) 2007	MD5=92FF55938B3C05CEB2CF57BBA17989DF 13238.35 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:38	14308
C:\Program Files (x86)\Steam\tier0_s.dll Script: Quarantine, Delete, Delete via BC	1580466176	tier0_s Dynamic Link Library	Copyright (C) 2007	MD5=7DF5032A27455E66458577A7AB63EEEB 336.35 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:42	14308
C:\Program Files (x86)\Steam\video.dll Script: Quarantine, Delete, Delete via BC	1571160064			MD5=10C51D97A1CB42D544725CB1D5455204 3621.35 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:42	14308
C:\Program Files (x86)\Steam\vstdlib_s.dll Script: Quarantine, Delete, Delete via BC	1570570240	vstdlib_ s.dll	Copyright (C) 2005 Valve Corporation	MD5=18F81CE6CC3510ABA3600AC9036B364A 529.85 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:42	14308
C:\Program Files\ASUS\Aac_AIOFan\AacAIOFanHal_x86.dll Script: Quarantine, Delete, Delete via BC	1660354560	TODO: <File description>	Copyright (C) 2019	MD5=1ED7A027354718C816A7764389DB8350 891.86 kb, rsAh, created: 24.08.2022 15:55:08, modified: 24.08.2022 15:55:08	15664, 7092
C:\Program Files\ASUS\AuraSDK\AuraSdk_x86.dll Script: Quarantine, Delete, Delete via BC	1761083392	AuraSDK	Copyright (C) ASUSTek Computer Inc. 2015-2017	MD5=2DCF3D443C2F244643E41BE1DAE2951A 631.41 kb, rsAh, created: 19.09.2022 17:29:08, modified: 19.09.2022 17:29:08	7092
C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1750728704	RGB HAL	Copyright (C) 2020	MD5=0FB0DB9761C6634ACF55E7CFE9D840D6 228.15 kb, rsAh, created: 03.08.2022 10:00:40, modified: 03.08.2022 10:00:40	7092
C:\Program Files\Patriot\Aac_Patriot Viper DRAM RGB\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1741815808	VIPER RGB DRAM HAL	Copyright (C) 2020	MD5=838A4427C6106BBC5CAED49AB2A6D488 289.93 kb, rsAh, created: 13.09.2022 15:06:56, modified: 13.09.2022 15:06:56	7092
C:\Program Files\Patriot\Aac_Patriot Viper DRAM RGB\MsIo32_Patriot.dll Script: Quarantine, Delete, Delete via BC	52822016	MsIo for Patriot	Copyright © 1998-2017, MS	MD5=ECCB3ADE98AD289E2177731014C424F9 78.93 kb, rsAh, created: 13.09.2022 14:56:58, modified: 13.09.2022 14:56:58	7092
C:\Program Files\Patriot\Aac_Patriot Viper M2 SSD RGB\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1739456512	VIPER RGB M.2 SSD HAL	Copyright (C) 2020	MD5=DB679419EA0AE39A2041BE3BB9ACC75E 295.04 kb, rsAh, created: 06.06.2022 15:50:48, modified: 06.06.2022 15:50:48	7092
C:\Program Files\Patriot\Aac_Patriot Viper M2 SSD RGB\VSCmiddlex86.dll Script: Quarantine, Delete, Delete via BC	1739325440			MD5=CFA2DA5423978C37861191BB4BED255A 110.98 kb, rsAh, created: 17.03.2022 12:03:26, modified: 17.03.2022 12:03:26	7092
C:\Program Files\PD\Aac_Universal Holtek RGB DRAM\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1735000064	Universal Holtek RGB DRAM HAL	Copyright (C) 2020	MD5=610E9802ED339684AE38E6B7BC2F1487 289.93 kb, rsAh, created: 14.09.2022 11:37:14, modified: 14.09.2022 11:37:14	7092
C:\Program Files\PD\Aac_Universal Holtek RGB DRAM\MsIo32_UH.dll Script: Quarantine, Delete, Delete via BC	53608448	MsIo for Universal Holtek	Copyright © 1998-2018, MS	MD5=F88E122D7AF4F787FADC929AE645417A 80.93 kb, rsAh, created: 13.09.2022 17:20:18, modified: 13.09.2022 17:20:18	7092
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\ActionTriggerDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1455357952		Copyright (c) Nahimic. All rights reserved.	MD5=59F1CAC8D37F829568B8B94D05A211A9 319.88 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\AudioDevProps2.dll Script: Quarantine, Delete, Delete via BC	310575104		Copyright A-Volute. All rights reserved.	MD5=E8AB93E12788CC56615223943BAEE28A 977.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	22920, 20872, 15408, 14308
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\AudioSessionsMonDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1454964736		Copyright (c) Nahimic. All rights reserved.	MD5=D237F30E0E9562A14F5FE7CBA5B07D9C 347.88 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\CaptureDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1444610048		Copyright (c) Nahimic. All rights reserved.	MD5=EEE9FBA05F8DD206E6904C71008689A7 159.88 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\DynamicCursor3DDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1443430400	Cursor 3D Daemon Module	Copyright (C) 2018	MD5=FB1F74A5B43F7EA60A65C2563B84E724 1063.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\DynamicEnhancerAutomationDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1440415744	SonicMapper Dynamic Enhancer Automation Daemon Module	Copyright (C) 2018	MD5=49A670A56A740E892D7223F63831659D 542.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\DynamicEnhancerDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1439236096	SonicMapper Enhancer Daemon Module	Copyright (C) 2018	MD5=953587FBB8B63FCC586948EE294A0667 1069.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\DynamicRadarDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1438056448	SonicMapper Radar Daemon Module	Copyright (C) 2018	MD5=9A0264E2CBA2A688887E737776B320FC 1065.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\DynamicSMProfileDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1437138944	SonicMapper Profile	Copyright (C) 2018	MD5=44B8C4C48B05F9574172ABB851C5B1B0 813.26 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\DynamicSMShortcutsDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1436418048	SonicMapper Shortcuts Daemon Module	Copyright (C) 2018	MD5=EAA741C80AEC9A1F6BF49A4DA8F01F8A 662.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\DynamicSonicMapperConfiguratorDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1435631616	SonicMapper Configurator Daemon Module	Copyright (C) 2018	MD5=257FEB1BADCCC66847548568B9207CEF 714.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\GfxOverlayDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1434910720	GfxOverlayDaemon	Copyright (C) 2018	MD5=3A7BE639982AD4FF042A32F3C711F3A1 622.26 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\GfxStreamServerDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1434058752	GfxStreamServerDaemon	Copyright (C) 2018	MD5=D63418CA1840E9852ED85C36CD3D2F27 777.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\InputHookDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1433862144		Copyright (c) Nahimic. All rights reserved.	MD5=4424B5C2323DEFF874F24D0B08B0E130 164.88 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\KeyboardShortcutDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1433337856		Copyright (c) Nahimic. All rights reserved.	MD5=43F2CF88799B695ADB55375366B18620 443.88 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\NahimicOSD.dll Script: Quarantine, Delete, Delete via BC	1429733376	NahimicOSD	Copyright (C) 2018	MD5=69EA176EDC84C6B39CAAE5D3EEF28137 552.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	22920, 20872, 15408, 14308
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\ProductInfo.dll Script: Quarantine, Delete, Delete via BC	308805632			MD5=4E108ACACE9250AC5069479166640DE1 97.26 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	22920, 20872, 15408, 14308
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\ShortcutEventSourceDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1433141248		Copyright (c) Nahimic. All rights reserved.	MD5=A7F78B08C4F168BD77F37EC3ADFD2C9E 154.88 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\ShortcutManagerDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1432748032		Copyright (c) Nahimic. All rights reserved.	MD5=92EF4186E90BAC2FCCDD0D247767E400 319.88 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.28054DF1F58B4\Modules\ScheduledModules\SysAudioHook2DaemonModule.dll Script: Quarantine, Delete, Delete via BC	1432354816		Copyright A-Volute. All rights reserved.	MD5=13394B47CBA315A8795CE08319F1768E 312.76 kb, rsAh, created: 08.12.2022 14:20:43, modified: 08.12.2022 14:20:43	15408
C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\AudioDevProps2.dll Script: Quarantine, Delete, Delete via BC	1735720960		Copyright A-Volute. All rights reserved.	MD5=E8AB93E12788CC56615223943BAEE28A 977.76 kb, rsAh, created: 08.12.2022 14:20:58, modified: 08.12.2022 14:20:57	23376, 22920, 20872, 21912, 13484, 15408, 13204, 12872, 23104, 14308
C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\AudioSessionsMonDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1664155648		Copyright (c) Nahimic. All rights reserved.	MD5=D237F30E0E9562A14F5FE7CBA5B07D9C 347.88 kb, rsAh, created: 08.12.2022 14:20:58, modified: 08.12.2022 14:20:57	13204
C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\DeviceRoutingDaemonModule.dll Script: Quarantine, Delete, Delete via BC	1663434752		(c) Nahimic. All rights reserved.	MD5=A47C48A10AB1523B4A810224F3BD12CA 610.26 kb, rsAh, created: 08.12.2022 14:20:58, modified: 08.12.2022 14:20:57	13204
C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\ProductInfo.dll Script: Quarantine, Delete, Delete via BC	1735589888			MD5=78A4E044B8AC7B34A0C340616E9D5A90 97.26 kb, rsAh, created: 08.12.2022 14:20:58, modified: 08.12.2022 14:20:57	22920, 20872, 13204, 14308
C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\SysAudioHook2DaemonModule.dll Script: Quarantine, Delete, Delete via BC	1663041536		Copyright A-Volute. All rights reserved.	MD5=13394B47CBA315A8795CE08319F1768E 312.76 kb, rsAh, created: 08.12.2022 14:20:58, modified: 08.12.2022 14:20:57	13204
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\X86\MPCLIENT.DLL Script: Quarantine, Delete, Delete via BC	1812332544	Client Interface	© Microsoft Corporation. All rights reserved.	MD5=23002C9B3EBB08609398AFB4B377E917 901.28 kb, rsAh, created: 08.12.2022 18:49:13, modified: 08.12.2022 18:49:10	5544, 5456
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\X86\MpOav.dll Script: Quarantine, Delete, Delete via BC	1954873344	IOfficeAntiVirus Module	© Microsoft Corporation. All rights reserved.	MD5=BF6CA7B4CADBB3F2A7D952BE02FEC419 424.75 kb, rsAh, created: 08.12.2022 18:49:13, modified: 08.12.2022 18:49:10	9368, 15696, 15768, 6680, 3440, 18984, 7024, 5376, 22920, 5544, 5456, 2980, 6780, 23104, 7976, 6484, 6304, 14308, 8668
C:\ProgramData\Razer\Synapse3\Service\Bin\BLEConnectWrapper.dll Script: Quarantine, Delete, Delete via BC	1424359424		Copyright (C) 2020	MD5=543F53EDF511022B6B0E2F688D8F4836 176.90 kb, rsAh, created: 07.12.2022 18:20:35, modified: 18.10.2022 03:19:54	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll Script: Quarantine, Delete, Delete via BC	1424162816			MD5=FEF1528857E1C82E7498AE5AD8FB6168 159.02 kb, rsAh, created: 07.12.2022 18:20:33, modified: 06.11.2022 22:53:34	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll Script: Quarantine, Delete, Delete via BC	1423638528			MD5=14205BFB1D115EAED7076C5FA58B1C50 467.51 kb, rsAh, created: 07.12.2022 18:20:35, modified: 06.11.2022 22:53:58	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeWifiDeviceDetectionWrapper.dll Script: Quarantine, Delete, Delete via BC	1423310848			MD5=ED636E8E13C9B83C37BCDF001F143510 298.02 kb, rsAh, created: 07.12.2022 18:20:35, modified: 06.11.2022 22:54:00	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll Script: Quarantine, Delete, Delete via BC	1423048704			MD5=35F344B68D146B89827E1BDE31CFDD52 201.51 kb, rsAh, created: 07.12.2022 18:20:35, modified: 06.11.2022 22:54:04	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Harper Extended\Bin\RSy3_DeviceStatus.dll Script: Quarantine, Delete, Delete via BC	1408827392			MD5=00EBFC1687B3D92E319D0542A9CC3B9D 922.12 kb, rsAh, created: 07.12.2022 18:20:41, modified: 03.01.2022 13:39:26	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Harper Extended\Bin\RSy3_DriverMode.dll Script: Quarantine, Delete, Delete via BC	1356660736			MD5=42FB457BDAF105BB5D398D5DB4544467 485.62 kb, rsAh, created: 07.12.2022 18:20:41, modified: 03.01.2022 13:39:26	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Harper Extended\Bin\RSy3_LightingBrightness.dll Script: Quarantine, Delete, Delete via BC	1356070912			MD5=BDA7A8D7F9BDF440910FB6AFBEC5D0BE 527.12 kb, rsAh, created: 07.12.2022 18:20:41, modified: 03.01.2022 13:39:34	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Harper Extended\Bin\RSy3_LightingPwrState.dll Script: Quarantine, Delete, Delete via BC	1355546624			MD5=39C42A064BC3B9EAF74D139F79B2AC2E 488.12 kb, rsAh, created: 07.12.2022 18:20:41, modified: 03.01.2022 13:39:36	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Mw\RzCtl_0C02.dll Script: Quarantine, Delete, Delete via BC	1396113408	Razer Device Access	Copyright © 2020 Razer Inc. All rights reserved	MD5=460936F92BF20FEC00890AD6E97632CB 285.97 kb, rsAh, created: 07.12.2022 18:20:42, modified: 30.11.2020 04:27:20	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_GlobalShortcuts.dll Script: Quarantine, Delete, Delete via BC	1417150464			MD5=0ADF4A9108EA7C856996C2FB52219EEE 889.01 kb, rsAh, created: 07.12.2022 18:20:39, modified: 06.11.2022 15:06:46	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeys.dll Script: Quarantine, Delete, Delete via BC	1401487360			MD5=4CC23D33F78DEF15AA44C2B56A9552E1 63.52 kb, rsAh, created: 07.12.2022 18:20:39, modified: 06.11.2022 15:06:48	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll Script: Quarantine, Delete, Delete via BC	1428160512			MD5=E9A7359112FC1A83CD2EFA49D3307988 136.63 kb, rsAh, created: 07.12.2022 18:20:35, modified: 06.11.2022 22:49:24	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_LightingEffects.dll Script: Quarantine, Delete, Delete via BC	1416495104	Razer Chroma Engine	Razer Copyright (C) 2022	MD5=AC8EBF6E3EA1291FAA166FED84C4B0A9 610.01 kb, rsAh, created: 07.12.2022 18:20:31, modified: 06.11.2022 15:06:50	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_LightingImportExport.dll Script: Quarantine, Delete, Delete via BC	1415577600	Razer Chroma Engine	Razer Copyright (C) 2017	MD5=A0398E259D1150A3D8962D3700861CD5 865.01 kb, rsAh, created: 07.12.2022 18:20:31, modified: 06.11.2022 15:06:52	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll Script: Quarantine, Delete, Delete via BC	1415446528			MD5=CDF5A5C5DD3704737A9290628C71877A 90.52 kb, rsAh, created: 07.12.2022 18:20:39, modified: 06.11.2022 15:06:52	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll Script: Quarantine, Delete, Delete via BC	1414791168			MD5=3C86DE59E6CE97A29DF0088517090A58 587.02 kb, rsAh, created: 07.12.2022 18:20:31, modified: 06.11.2022 15:06:54	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll Script: Quarantine, Delete, Delete via BC	1414397952			MD5=6D8E9462925B281B0CC14B0880D51BB6 320.52 kb, rsAh, created: 07.12.2022 18:20:39, modified: 06.11.2022 15:06:58	7976
C:\ProgramData\Razer\Synapse3\Service\Bin\RzLightingEngine.dll Script: Quarantine, Delete, Delete via BC	1427636224	Razer Lighting Engine	Copyright © 2021 Razer Inc. All rights reserved	MD5=CF83D6B7F3E0E9880A4B832920E2D91A 466.41 kb, rsAh, created: 07.12.2022 18:20:31, modified: 26.10.2021 05:20:54	7976
C:\ProgramData\Razer\Synapse3\Service\Lib\DetectManager\rzS3detmgr.dll Script: Quarantine, Delete, Delete via BC	1401094144	Razer Device Detection Manager	Copyright © 2022 Razer Inc. All rights reserved	MD5=44648D0D52588AE0DA8BCA7050D01A4B 365.30 kb, rsAh, created: 07.12.2022 18:20:43, modified: 18.10.2022 03:19:54	7976
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\ffmpeg.dll Script: Quarantine, Delete, Delete via BC	1392312320			MD5=F190360F49791D3B9DE761227008BA14 2551.77 kb, rsAh, created: 08.12.2022 13:45:43, modified: 21.10.2022 11:28:10	22920, 22536, 20872, 24512, 21912, 22392
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\libegl.dll Script: Quarantine, Delete, Delete via BC	1366753280	ANGLE libEGL Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=4351061539C06A5AEFC16D6B93A3DB6C 364.77 kb, rsAh, created: 08.12.2022 13:45:44, modified: 21.10.2022 11:28:10	22392
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\libglesv2.dll Script: Quarantine, Delete, Delete via BC	1367146496	ANGLE libGLESv2 Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=A737CE8E27A321B021EF52E0997CE612 6780.77 kb, rsAh, created: 08.12.2022 13:45:44, modified: 21.10.2022 11:28:10	22392
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_cloudsync-1\discord_cloudsync\discord_cloudsync.node Script: Quarantine, Delete, Delete via BC	2053242880			MD5=1B3E0CBB5FB333122A8682C49F8EBC55 3732.77 kb, rsAh, created: 08.12.2022 13:45:53, modified: 21.10.2022 14:16:43	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_dispatch-1\discord_dispatch\discord_dispatch.node Script: Quarantine, Delete, Delete via BC	616824832			MD5=E56F9C760A5F4176A3E11525D0852211 7734.27 kb, rsAh, created: 08.12.2022 13:47:20, modified: 21.10.2022 14:16:50	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_erlpack-1\discord_erlpack\discord_erlpack.node Script: Quarantine, Delete, Delete via BC	2007367680			MD5=3BD9162AB40C4696351433D0B8F18F83 541.27 kb, rsAh, created: 08.12.2022 13:45:49, modified: 21.10.2022 14:16:56	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_game_utils-1\discord_game_utils\discord_game_utils.node Script: Quarantine, Delete, Delete via BC	2046951424			MD5=6D62135B1A0E3B4769B248883D7FDC68 907.77 kb, rsAh, created: 08.12.2022 13:45:52, modified: 21.10.2022 14:17:00	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_krisp-1\discord_krisp\discord_krisp.node Script: Quarantine, Delete, Delete via BC	2020999168			MD5=8E0AD46954D5EC7181CEDE4691394AC2 21282.77 kb, rsAh, created: 08.12.2022 13:45:51, modified: 21.10.2022 14:17:21	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_media-1\discord_media\discord_media.node Script: Quarantine, Delete, Delete via BC	2057109504			MD5=16F3BD5B08ACE7FE091FBBA54D12019A 556.27 kb, rsAh, created: 08.12.2022 13:47:19, modified: 21.10.2022 14:17:29	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_modules-1\discord_modules\discord_modules.node Script: Quarantine, Delete, Delete via BC	2058027008			MD5=A532E129439855362CDE228852AB971E 497.27 kb, rsAh, created: 08.12.2022 13:47:20, modified: 21.10.2022 14:17:37	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_overlay2-1\discord_overlay2\discord_overlay2.node Script: Quarantine, Delete, Delete via BC	2047934464			MD5=C3AFD8817184E60F0FB1002BCF467F7F 674.27 kb, rsAh, created: 08.12.2022 13:45:54, modified: 21.10.2022 14:17:43	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\discord_utils.node Script: Quarantine, Delete, Delete via BC	2007957504			MD5=4A88BB90E028D5241F55AAA2EB4B9CBD 702.77 kb, rsAh, created: 08.12.2022 13:45:49, modified: 21.10.2022 14:18:05	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\macos-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1343094784			MD5=3981A8709F12690AD0CFE0B75B06B0EC 434.77 kb, rsAh, created: 08.12.2022 13:45:49, modified: 21.10.2022 14:18:03	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\windows-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1342570496			MD5=17A299A14E6DD61A2915E5508EEC5693 455.27 kb, rsAh, created: 08.12.2022 13:45:50, modified: 21.10.2022 14:18:01	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_voice-5\discord_voice\discord_voice.node Script: Quarantine, Delete, Delete via BC	2064711680			MD5=B441DBAB6B6C2F83371F5C387A461C23 12638.27 kb, rsAh, created: 08.12.2022 13:45:49, modified: 29.11.2022 15:43:54	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\modules\discord_voice-5\discord_voice\mediapipe.dll Script: Quarantine, Delete, Delete via BC	2015625216			MD5=ACE49A44EC554174073F7266CBAC8880 5138.77 kb, rsAh, created: 08.12.2022 13:45:49, modified: 29.11.2022 15:43:50	22920
C:\Users\retox\AppData\Local\Discord\app-1.0.9007\updater.node Script: Quarantine, Delete, Delete via BC	1362952192			MD5=39C09C1C4D8FC5156532995533036715 3680.27 kb, rsAh, created: 08.12.2022 13:45:44, modified: 21.10.2022 11:28:10	20872
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Mf49f6405#\a0bab4e8c300d48a3adac161b3ac8560\Microsoft.Management.Infrastructure.ni.dll Script: Quarantine, Delete, Delete via BC	2070806528	cs	Copyright (c) Microsoft Corporation. All rights reserved.	MD5=77310BB6EA0957F4648ED0C46732A3A6 501.00 kb, rsAh, created: 08.12.2022 14:09:50, modified: 08.12.2022 14:09:50	2980
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P1706cafe#\e7711dea1a946d6ac44f89515825d4ca\Microsoft.PowerShell.Commands.Diagnostics.ni.dll Script: Quarantine, Delete, Delete via BC	2070413312		Copyright (c) Microsoft Corporation. All rights reserved.	MD5=2A3675B95DF8ED36961FD6BEDF9B1CC5 319.50 kb, rsAh, created: 08.12.2022 14:09:51, modified: 08.12.2022 14:09:51	2980
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W193497eb#\ad50d9cf84fd3c80a5231be9c24f071a\Microsoft.WSMan.Runtime.ni.dll Script: Quarantine, Delete, Delete via BC	1342242816		Copyright (c) Microsoft Corporation. All rights reserved.	MD5=19AFD21BA66C8047FC2EFD9BC00D4C3F 11.50 kb, rsAh, created: 08.12.2022 14:09:55, modified: 08.12.2022 14:09:55	2980
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\54c227bf307d6189c1e101923c57de80\PresentationFramework.ni.dll Script: Quarantine, Delete, Delete via BC	1670053888	PresentationFramework.dll	© Microsoft Corporation. All rights reserved.	MD5=1FD2B614D40B41CDFF75B249C5A65C26 20610.00 kb, rsAh, created: 08.12.2022 14:09:09, modified: 08.12.2022 14:09:09	9368, 13484, 23104
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\e92e8f977c6b2ebd3def284049943b4a\PresentationFramework.Aero2.ni.dll Script: Quarantine, Delete, Delete via BC	1605042176	PresentationFramework.Aero2.dll	© Microsoft Corporation. All rights reserved.	MD5=EA5E68A3280363C1DED76766B924C930 551.50 kb, rsAh, created: 08.12.2022 14:09:10, modified: 08.12.2022 14:09:10	9368, 13484
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9226d02f1fa1a6b94f19ab4a5253496b\PresentationCore.ni.dll Script: Quarantine, Delete, Delete via BC	1691222016	PresentationCore.dll	© Microsoft Corporation. All rights reserved.	MD5=F5EE376682F7C080F5C78DCDADD7008D 12615.00 kb, rsAh, created: 08.12.2022 14:09:04, modified: 08.12.2022 14:09:04	9368, 13484, 23104
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3e44457596de091b5fff2f14be180933\SMDiagnostics.ni.dll Script: Quarantine, Delete, Delete via BC	1830420480	SMDiagnostics.dll	© Microsoft Corporation. All rights reserved.	MD5=0A3B74A26470803AF94882D672BE73E8 118.50 kb, rsAh, created: 09.12.2022 14:07:32, modified: 09.12.2022 14:07:32	5376, 5544, 13484, 5456, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f35af71b9a725f2d893e0cb855f65856\System.Configuration.ni.dll Script: Quarantine, Delete, Delete via BC	1830551552	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	MD5=287502BD02ADB82EB0A82364EE8B2279 1035.00 kb, rsAh, created: 08.12.2022 14:09:10, modified: 08.12.2022 14:09:10	9368, 15560, 5376, 5544, 13484, 5456, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\748e726831f362bceb1eed4aa56b7724\System.Core.ni.dll Script: Quarantine, Delete, Delete via BC	1832517632	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=57A54C3A602CAD0B114FBC1A0ED25E98 8277.00 kb, rsAh, created: 08.12.2022 14:09:01, modified: 08.12.2022 14:09:01	9368, 15560, 7024, 5376, 5544, 13484, 5456, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4616baf200d13beb7bc5bcb8e0f10ed9\System.Data.ni.dll Script: Quarantine, Delete, Delete via BC	1796210688	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=CC58EFF22729928DBDA884DDB483CCA2 8314.00 kb, rsAh, created: 08.12.2022 14:09:24, modified: 08.12.2022 14:09:24	7024, 5376, 5544, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\504082b8f12bade8c80f0ed80c3c7aba\System.Drawing.ni.dll Script: Quarantine, Delete, Delete via BC	1859649536	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=69627C960EC88CEA27D651E575876D0C 1657.50 kb, rsAh, created: 08.12.2022 14:09:18, modified: 08.12.2022 14:09:18	9368, 15560, 13484, 5456, 2980, 23104, 7976
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IO.Cb3b124c8#\e564499a708deefd1d67ceaa4602f2ff\System.IO.Compression.ni.dll Script: Quarantine, Delete, Delete via BC	1708589056	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=FEE3CC8847CB9564C6BDA3AA39111ABB 175.00 kb, rsAh, created: 08.12.2022 14:09:22, modified: 08.12.2022 14:09:22	5544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\36f35c159590e22559bfcb673c2c40a0\System.Management.ni.dll Script: Quarantine, Delete, Delete via BC	1815085056	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=21A08B9DA8EDC5344E970ED09978C2B2 1205.50 kb, rsAh, created: 08.12.2022 14:09:22, modified: 08.12.2022 14:09:22	9368, 7024, 5376, 5544, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.22cc68a8#\8c8f338f6b62837d47d34e976e552432\System.Net.Http.WebRequest.ni.dll Script: Quarantine, Delete, Delete via BC	1357250560	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=AD6F72B839B8D1113C3BC18BB4D728EE 36.00 kb, rsAh, created: 09.12.2022 14:07:32, modified: 09.12.2022 14:07:32	23104
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\19652d745cb4eda22956b0173731d4fc\System.Net.Http.ni.dll Script: Quarantine, Delete, Delete via BC	1767440384	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=C1523BB96E35018ED335799CBAF1673C 541.50 kb, rsAh, created: 08.12.2022 14:09:10, modified: 08.12.2022 14:09:10	5544, 23104, 7976
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\958c681138804c40c9f092c439e39a63\System.Numerics.ni.dll Script: Quarantine, Delete, Delete via BC	1817968640	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=FDA0F5FE0729D661DC0566489612DD1A 273.00 kb, rsAh, created: 08.12.2022 14:09:22, modified: 08.12.2022 14:09:22	7024, 5376, 5544, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\2f632debdd8a142e4d47a92fc18ee1aa\System.Runtime.Serialization.ni.dll Script: Quarantine, Delete, Delete via BC	1809186816	System.Runtime.Serialization.dll	© Microsoft Corporation. All rights reserved.	MD5=BA19193694DEDD50C35EFE917980CBBA 2882.50 kb, rsAh, created: 08.12.2022 14:09:11, modified: 08.12.2022 14:09:11	7024, 5376, 5544, 13484, 5456, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\9313788af4ca7ebd64aa5a86e27d84da\System.ServiceProcess.ni.dll Script: Quarantine, Delete, Delete via BC	1861877760	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=92FB22D2D0A3CAE3280698D3A4670FCB 231.50 kb, rsAh, created: 08.12.2022 14:09:29, modified: 08.12.2022 14:09:29	5376, 5544, 5456, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\d81d6bfa695756d26d83abfca2fa23ff\System.ServiceModel.ni.dll Script: Quarantine, Delete, Delete via BC	1768030208	System.ServiceModel.dll	© Microsoft Corporation. All rights reserved.	MD5=501F0EF9FD29636D352AFB16B7C21081 20516.50 kb, rsAh, created: 08.12.2022 14:09:29, modified: 08.12.2022 14:09:29	5376, 5544, 13484, 5456, 23104, 7976
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3c28369a9fce2fbae2d50f971bc46aff\System.Windows.Forms.ni.dll Script: Quarantine, Delete, Delete via BC	1843265536	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=D1C8DBEF07F49AD2FAF15CB962A8CED4 14957.50 kb, rsAh, created: 08.12.2022 14:09:20, modified: 08.12.2022 14:09:20	9368, 15560, 5456, 2980, 23104, 7976
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4a37e3b96fc54174bf7e29bf7c8564b\System.Xaml.ni.dll Script: Quarantine, Delete, Delete via BC	1665138688	System.Xaml.dll	© Microsoft Corporation. All rights reserved.	MD5=4B16C967B1F6D292086FE14362220065 2050.50 kb, rsAh, created: 08.12.2022 14:09:11, modified: 08.12.2022 14:09:11	9368, 13484, 23104, 7976
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\cf030ec1c606e7b8a560a909b7c44e59\System.Xml.Linq.ni.dll Script: Quarantine, Delete, Delete via BC	1739784192	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=0CDDADB97D5ABB85AE3ED6F0E991B678 399.00 kb, rsAh, created: 08.12.2022 14:09:13, modified: 08.12.2022 14:09:13	23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5b6909511ac835002863faa7fb286842\System.Xml.ni.dll Script: Quarantine, Delete, Delete via BC	1822490624	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=0DA11CA3BB3A4DE5499354B069779287 7586.00 kb, rsAh, created: 08.12.2022 14:09:13, modified: 08.12.2022 14:09:13	9368, 15560, 7024, 5376, 5544, 13484, 5456, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8eab095ce7d0b47146979fc29f6b38ff\System.ni.dll Script: Quarantine, Delete, Delete via BC	1862598656	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=9B9F92B275B72AD8D1555044CA494B88 10337.00 kb, rsAh, created: 08.12.2022 14:08:59, modified: 08.12.2022 14:08:59	9368, 15560, 7024, 5376, 5544, 13484, 5456, 2980, 23104, 7976, 6484
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\159c138a10427c6a1ef900b628a53ef3\WindowsBase.ni.dll Script: Quarantine, Delete, Delete via BC	1704263680	WindowsBase.dll	© Microsoft Corporation. All rights reserved.	MD5=78D0260C3666AD3081D3661715DFDD0F 4192.50 kb, rsAh, created: 08.12.2022 14:09:02, modified: 08.12.2022 14:09:02	9368, 13484, 23104, 7976
C:\Windows\system32\AsIO3.dll Script: Quarantine, Delete, Delete via BC	1831665664		Copyright (C) 2020	MD5=58FDD9C0444734D6EB06B233F7DF4F0A 523.95 kb, rsAh, created: 07.12.2022 12:56:50, modified: 14.06.2022 13:37:54	8304, 4188, 15696, 15768, 6680, 13160
C:\Windows\SYSTEM32\CONCRT140.dll Script: Quarantine, Delete, Delete via BC	1878458368	Microsoft® Concurrency Runtime Library	© Microsoft Corporation. All rights reserved.	MD5=39073E37118A0E0326DBBF0EF8D263C9 243.91 kb, rsAh, created: 10.06.2022 19:49:52, modified: 10.06.2022 19:49:52	6404, 7976
C:\Windows\system32\nvspcap.dll Script: Quarantine, Delete, Delete via BC	1424752640	NVIDIA Game Proxy	(C) NVIDIA Corporation. All rights reserved.	MD5=453CFBE54312D0EC330A8F6E35FC4323 2172.55 kb, rsAh, created: 08.12.2022 17:25:11, modified: 17.10.2022 01:25:23	15408
Modules found:536, recognized as trusted 301

Kernel Space Modules Viewer

Module	Redirector	Base address	Size in memory	Description	Manufacturer
C:\Windows\system32\drivers\wd\WdFilter.sys 462.28 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:12 Script: Quarantine, Delete, Delete via BC	x64	4D970000	00077000 (487424)	Microsoft antimalware file system filter driver	© Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\MsIo64.sys 18.06 kb, rsAh, created: 07.12.2022 13:00:47, modified: 09.06.2022 00:54:48 Script: Quarantine, Delete, Delete via BC	x64	63FE0000	00007000 (28672)	MICSYS IO driver	Copyright (c) 2021 MICSYS
C:\Windows\system32\drivers\CtiAIo64.sys 31.56 kb, rsAh, created: 09.12.2022 21:23:42, modified: 09.12.2022 21:23:42 Script: Quarantine, Delete, Delete via BC	x64	640D0000	0000A000 (40960)	CTIA IO driver	Copyright (c) 2021 CTI
C:\Windows\system32\drivers\AsIO3.sys 48.10 kb, rsAh, created: 07.12.2022 12:56:50, modified: 15.08.2022 23:40:22 Script: Quarantine, Delete, Delete via BC	x64	64100000	0000C000 (49152)
C:\Windows\System32\Drivers\dump_dumpstorport.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	815C0000	00011000 (69632)
C:\Windows\System32\drivers\dump_stornvme.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	81620000	0003B000 (241664)
C:\Windows\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	81680000	0001E000 (122880)
C:\Windows\system32\drivers\wd\WdNisDrv.sys 97.28 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:12 Script: Quarantine, Delete, Delete via BC	x64	ABEB0000	0001C000 (114688)	Windows Defender Network Stream Filter	© Microsoft Corporation. All rights reserved.
C:\Windows\temp\cpuz154\cpuz154_x64.sys 40.02 kb, rsAh, created: 09.12.2022 23:31:39, modified: 09.12.2022 23:31:39 Script: Quarantine, Delete, Delete via BC	x64	46790000	0000C000 (49152)	CPUID Driver	Copyright(C) 2022 CPUID
C:\Windows\system32\drivers\IOMap64.sys 45.63 kb, rsah, created: 07.12.2022 12:57:28, modified: 01.09.2022 17:28:14 Script: Quarantine, Delete, Delete via BC	x64	46810000	0000C000 (49152)	ASUS Kernel Mode Driver for NT	Copyright 2020 ASUSTeK Computer Inc.
Items found - 207, recognized as trusted - 197

Services

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
ArmouryCrateService Service: Stop, Delete, Disable, Delete via BC	ARMOURY CRATE Service	Running	C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe 385.61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC	x64	ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
asComSvc Service: Stop, Delete, Disable, Delete via BC	ASUS Com Service	Running	C:\Program Files (x86)\ASUS\AXSP\4.02.22\atkexComSvc.exe 873.85 kb, rsAh, created: 07.12.2022 13:02:28, modified: 31.10.2022 09:50:26 Script: Quarantine, Delete, Delete via BC	x64	ASUS Com Service	ASUSTeK Computer Inc. All rights reserved.	UIGroup	RPCSS
asus Service: Stop, Delete, Disable, Delete via BC	ASUS Update Service (asus)	Not started	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149.52 kb, rsAh, created: 09.12.2022 21:20:02, modified: 09.12.2022 21:20:00 Script: Quarantine, Delete, Delete via BC	x64	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.		RPCSS
AsusCertService Service: Stop, Delete, Disable, Delete via BC	AsusCertService	Running	C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe 545.02 kb, rsAh, created: 07.12.2022 12:56:50, modified: 19.05.2022 09:49:12 Script: Quarantine, Delete, Delete via BC	x64	AsusCertService.exe	(c) ASUSTek COMPUTER INC. All rights reserved.	Event Log	RPCSS
AsusFanControlService Service: Stop, Delete, Disable, Delete via BC	AsusFanControlService	Running	C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.19\AsusFanControlService.exe 1681.85 kb, rsAh, created: 07.12.2022 13:02:29, modified: 01.11.2022 17:05:24 Script: Quarantine, Delete, Delete via BC	x64	ASUS Motherboard Fan Control Service	ASUSTeK Computer Inc. All rights reserved.		RPCSS
asusm Service: Stop, Delete, Disable, Delete via BC	ASUS Update Service (asusm)	Not started	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149.52 kb, rsAh, created: 09.12.2022 21:20:02, modified: 09.12.2022 21:20:00 Script: Quarantine, Delete, Delete via BC	x64	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.		RPCSS
AsusROGLSLService Service: Stop, Delete, Disable, Delete via BC	AsusROGLSLService Download ROGLSLoader	Not started	C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe 662.36 kb, rsAh, created: 09.12.2022 21:18:49, modified: 09.12.2022 21:18:49 Script: Quarantine, Delete, Delete via BC	x64		Copyright (C) 2019
AsusUpdateCheck Service: Stop, Delete, Disable, Delete via BC	AsusUpdateCheck	Not started	C:\Windows\System32\AsusUpdateCheck.exe 1129.97 kb, rsAh, created: 07.12.2022 15:36:03, modified: 09.12.2022 23:31:33 Script: Quarantine, Delete, Delete via BC	x64	WPBT_with_Universal_LAN_20210610_I225only_V1.0.2.14	Copyright (C) 2019
CMigrationService Service: Stop, Delete, Disable, Delete via BC	CMigrationService	Running	C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe 743.57 kb, rsAh, created: 07.12.2022 19:28:04, modified: 01.09.2022 20:21:04 Script: Quarantine, Delete, Delete via BC	x64	MigrationService	Copyright (C) 2021. Clonix Co., Ltd
CorsairLLAService Service: Stop, Delete, Disable, Delete via BC	Corsair LLA Service	Running	C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe 233.04 kb, rsAh, created: 14.11.2022 14:19:10, modified: 14.11.2022 14:19:10 Script: Quarantine, Delete, Delete via BC	x64	iCUE service for interaction with CorsairLLAccess driver	Corsair Memory, Inc. © 2020, All rights reserved
CorsairService Service: Stop, Delete, Disable, Delete via BC	Corsair Service	Running	C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe 82.04 kb, rsAh, created: 14.11.2022 14:11:08, modified: 14.11.2022 14:11:08 Script: Quarantine, Delete, Delete via BC	x64	Corsair.Service	Copyright 2018 © Corsair Memory, Inc.		RpcSs
CorsairUniwillService Service: Stop, Delete, Disable, Delete via BC	Corsair Uniwill Cooling Service	Not started	C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueUniwillService.exe 105.54 kb, rsAh, created: 14.11.2022 14:19:16, modified: 14.11.2022 14:19:16 Script: Quarantine, Delete, Delete via BC	x64	iCUE service for interaction with CorsairUniwill driver	Corsair Memory, Inc. © 2020, All rights reserved
DSAService Service: Stop, Delete, Disable, Delete via BC	Intel(R) Driver & Support Assistant	Running	C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe 40.27 kb, rsAh, created: 26.10.2022 10:06:24, modified: 26.10.2022 10:06:24 Script: Quarantine, Delete, Delete via BC	x64	DSAService	Copyright © Intel Corporation
DSAUpdateService Service: Stop, Delete, Disable, Delete via BC	Intel(R) Driver & Support Assistant Updater	Running	C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe 196.77 kb, rsAh, created: 26.10.2022 10:02:46, modified: 26.10.2022 10:02:46 Script: Quarantine, Delete, Delete via BC	x64	DSAUpdateService	Copyright © Intel Corporation
Futuremark SystemInfo Service Service: Stop, Delete, Disable, Delete via BC	Futuremark SystemInfo Service	Not started	C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe 339.27 kb, rsAh, created: 22.11.2022 10:11:56, modified: 22.11.2022 10:11:56 Script: Quarantine, Delete, Delete via BC	x64	Futuremark SystemInfo Service	Copyright (C) Futuremark 2014		RPCSS
FvSvc Service: Stop, Delete, Disable, Delete via BC	NVIDIA FrameView SDK service	Not started	C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe 392.54 kb, rsAh, created: 07.12.2022 18:27:50, modified: 07.09.2022 09:56:16 Script: Quarantine, Delete, Delete via BC	x64		Copyright (C) 2018-2022, NVIDIA CORPORATION. All rights reserved
GameSDK Service Service: Stop, Delete, Disable, Delete via BC	GameSDK Service	Running	C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe 388.23 kb, rsAh, created: 31.05.2022 13:19:42, modified: 31.05.2022 13:19:42 Script: Quarantine, Delete, Delete via BC	x64	GameSDK	Copyright (C) ASUS Tek Computer Inc 2021
iCUEDevicePluginHost Service: Stop, Delete, Disable, Delete via BC	iCUE device plugin host service	Running	C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe 450.54 kb, rsAh, created: 14.11.2022 14:19:18, modified: 14.11.2022 14:19:18 Script: Quarantine, Delete, Delete via BC	x64	Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved
LGHUBUpdaterService Service: Stop, Delete, Disable, Delete via BC	LGHUB Updater Service	Running	C:\Program Files\LGHUB\lghub_updater.exe 9985.75 kb, rsAh, created: 07.12.2022 19:32:02, modified: 07.12.2022 19:31:59 Script: Quarantine, Delete, Delete via BC	x64	LGHUB Updater	Copyright © Logitech, Inc. 2022
LightingService Service: Stop, Delete, Disable, Delete via BC	LightingService	Running	C:\Program Files (x86)\LightingService\LightingService.exe 3796.85 kb, rsAh, created: 26.09.2022 18:46:32, modified: 26.09.2022 18:46:32 Script: Quarantine, Delete, Delete via BC	x64	LightingService	Copyright (C) ASUSTek Computer Inc. 2015-2017		RPCSS
MicrosoftEdgeElevationService Service: Stop, Delete, Disable, Delete via BC	Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)	Not started	C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\elevation_service.exe 1698.41 kb, rsAh, created: 07.12.2022 15:41:26, modified: 05.12.2022 01:55:40 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.		RPCSS
MozillaMaintenance Service: Stop, Delete, Disable, Delete via BC	Mozilla Maintenance Service	Not started	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 225.91 kb, rsAh, created: 07.12.2022 13:04:53, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC	x64		License: MPL 2
Origin Client Service Service: Stop, Delete, Disable, Delete via BC	Origin Client Service	Not started	C:\Program Files (x86)\Origin\OriginClientService.exe 2518.81 kb, rsAh, created: 08.12.2022 11:15:04, modified: 08.12.2022 11:14:54 Script: Quarantine, Delete, Delete via BC	x64	OriginClientService	Copyright (C) 2012
Origin Web Helper Service Service: Stop, Delete, Disable, Delete via BC	Origin Web Helper Service	Running	C:\Program Files (x86)\Origin\OriginWebHelperService.exe 3415.82 kb, rsAh, created: 08.12.2022 11:15:05, modified: 08.12.2022 11:14:55 Script: Quarantine, Delete, Delete via BC	x64	OriginWebHelperService	Copyright (C) 2015
Razer Game Manager Service Service: Stop, Delete, Disable, Delete via BC	Razer Game Manager	Running	C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe 248.27 kb, rsAh, created: 15.11.2021 23:01:19, modified: 15.11.2021 23:01:20 Script: Quarantine, Delete, Delete via BC	x64	GameManagerService	Copyright © 2021 Razer Inc. All rights reserved.
Razer Synapse Service Service: Stop, Delete, Disable, Delete via BC	Razer Synapse Service	Running	C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe 293.51 kb, rsAh, created: 06.11.2022 22:57:58, modified: 06.11.2022 22:57:58 Script: Quarantine, Delete, Delete via BC	x64	Razer Synapse Service	Copyright © 2015		RzActionSvc
ROG Live Service Service: Stop, Delete, Disable, Delete via BC	ROG Live Service	Running	C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe 6581.11 kb, rsAh, created: 21.09.2022 16:53:30, modified: 21.09.2022 16:53:30 Script: Quarantine, Delete, Delete via BC	x64	ROG Live Service	Copyright (C) 2019
RzActionSvc Service: Stop, Delete, Disable, Delete via BC	Razer Central Service	Running	C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe 525.30 kb, rsAh, created: 24.10.2022 00:04:36, modified: 24.10.2022 00:05:19 Script: Quarantine, Delete, Delete via BC	x64	Razer Central Service	Copyright © 2022 Razer Inc. All rights reserved.
SamsungMagicianSVC Service: Stop, Delete, Disable, Delete via BC	SamsungMagicianSVC	Running	C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe 363.07 kb, rsAh, created: 07.12.2022 19:26:26, modified: 01.09.2022 20:20:24 Script: Quarantine, Delete, Delete via BC	x64	SamsungMagicianSVC	COPYRIGHT. 2022 SAMSUNG ELECTRONICS CO., LTD. ALL RIGHTS RESERVED		RPCSS
Steam Client Service Service: Stop, Delete, Disable, Delete via BC	Steam Client Service	Running	C:\Program Files (x86)\Common Files\Steam\steamservice.exe 2601.35 kb, rsAh, created: 07.12.2022 13:16:28, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC	x64	Steam Client Service	Copyright (C) Valve Corporation
WdNisSvc Service: Stop, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Network Inspection Service	Running	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe 3116.47 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:11 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Network Realtime Inspection Service	© Microsoft Corporation. All rights reserved.		WdNisDrv
WinDefend Service: Stop, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Service	Running	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe 130.46 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:11 Script: Quarantine, Delete, Delete via BC	x64	Antimalware Service Executable	© Microsoft Corporation. All rights reserved.		RpcSs
Items found - 300, recognized as trusted - 268

Drivers

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
Asusgio3 Driver: Unload, Delete, Disable, Delete via BC	Asusgio3	Running	C:\Windows\system32\drivers\AsIO3.sys 48.10 kb, rsAh, created: 07.12.2022 12:56:50, modified: 15.08.2022 23:40:22 Script: Quarantine, Delete, Delete via BC	x64
atvi-randgrid Driver: Unload, Delete, Disable, Delete via BC	atvi-randgrid	Not started	C:\ProgramData\Battle.net_components\randgridauks\randgrid.sys 2454.29 kb, rsAh, created: 08.12.2022 11:57:02, modified: 08.12.2022 11:57:03 Script: Quarantine, Delete, Delete via BC	x64	Randgrid Driver	(C)2022 Activision Blizzard, Inc.
cpuz154 Driver: Unload, Delete, Disable, Delete via BC	cpuz154	Running	C:\Windows\temp\cpuz154\cpuz154_x64.sys 40.02 kb, rsAh, created: 09.12.2022 23:31:39, modified: 09.12.2022 23:31:39 Script: Quarantine, Delete, Delete via BC	x64	CPUID Driver	Copyright(C) 2022 CPUID
CTIAIO Driver: Unload, Delete, Disable, Delete via BC	CTIAIO	Running	C:\Windows\system32\drivers\CtiAIo64.sys 31.56 kb, rsAh, created: 09.12.2022 21:23:42, modified: 09.12.2022 21:23:42 Script: Quarantine, Delete, Delete via BC	x64	CTIA IO driver	Copyright (c) 2021 CTI
IOMap Driver: Unload, Delete, Disable, Delete via BC	IOMap	Running	C:\Windows\system32\drivers\IOMap64.sys 45.63 kb, rsah, created: 07.12.2022 12:57:28, modified: 01.09.2022 17:28:14 Script: Quarantine, Delete, Delete via BC	x64	ASUS Kernel Mode Driver for NT	Copyright 2020 ASUSTeK Computer Inc.
MSIO Driver: Unload, Delete, Disable, Delete via BC	MSIO	Running	C:\Windows\system32\drivers\MsIo64.sys 18.06 kb, rsAh, created: 07.12.2022 13:00:47, modified: 09.06.2022 00:54:48 Script: Quarantine, Delete, Delete via BC	x64	MICSYS IO driver	Copyright (c) 2021 MICSYS
WdBoot Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Boot Driver	Not started	C:\Windows\system32\drivers\wd\WdBoot.sys 48.41 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:12 Script: Quarantine, Delete, Delete via BC	x64	Microsoft antimalware boot driver	© Microsoft Corporation. All rights reserved.	Early-Launch
WdFilter Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Mini-Filter Driver	Running	C:\Windows\system32\drivers\wd\WdFilter.sys 462.28 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:12 Script: Quarantine, Delete, Delete via BC	x64	Microsoft antimalware file system filter driver	© Microsoft Corporation. All rights reserved.	FSFilter Anti-Virus	FltMgr
WdNisDrv Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Network Inspection System Driver	Running	C:\Windows\system32\drivers\wd\WdNisDrv.sys 97.28 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:12 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Network Stream Filter	© Microsoft Corporation. All rights reserved.		BFE
Items found - 406, recognized as trusted - 397

Autoruns

File name	Redirector	Startup method	Description
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, CategoryMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\eventlog_provider.dll 16.41 kb, rsAh, created: 07.12.2022 15:41:26, modified: 05.12.2022 01:55:25 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, EventMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\eventlog_provider.dll 16.41 kb, rsAh, created: 07.12.2022 15:41:26, modified: 05.12.2022 01:55:25 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, CategoryMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\msedgeupdate.dll 2087.92 kb, rsAh, created: 08.12.2022 11:14:24, modified: 08.12.2022 11:14:24 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdate, EventMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\msedgeupdate.dll 2087.92 kb, rsAh, created: 08.12.2022 11:14:24, modified: 08.12.2022 11:14:24 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdatem, EventMessageFile
C:\Program Files (x86)\Steam\bin\steamservice.exe 2601.35 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service, EventMessageFile
C:\30d9e3ebf0e76393b1\DW\DW20.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\Windows\System32\DriverStore\FileRepository\e2f.inf_amd64_2d5cb0c750512550\e2fmsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\e2fexpress, EventMessageFile
%13%\ibtusb.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ibtusb, EventMessageFile
C:\Windows\system32\drivers\iaLPSS2_GPIO2_ADL.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS2-GPIO2, EventMessageFile
C:\Windows\system32\drivers\iaLPSS2_I2C_ADL.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS2-I2C, EventMessageFile
C:\Windows\System32\Drivers\UMDF\UsbccidDriver.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\Windows\UUS\x86\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
%13%\Netwtw10.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Netwtw10, EventMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3786.41 kb, rsAh, created: 11.04.2022 13:47:49, modified: 05.12.2022 01:54:53 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\retox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\retox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk,
C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe 285.27 kb, rsAh, created: 26.10.2022 10:04:16, modified: 26.10.2022 10:04:16 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Intel Driver & Support Assistant Delete
C:\Program Files (x86)\ASUS\AsusFCNotification\AsusFCNotification.exe 315.39 kb, rsAh, created: 27.07.2022 17:27:42, modified: 27.07.2022 17:27:42 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AsusFCNotification Delete
C:\Users\retox\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2564.92 kb, rsAh, created: 07.12.2022 12:46:42, modified: 09.12.2022 17:55:08 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3786.41 kb, rsAh, created: 11.04.2022 13:47:49, modified: 05.12.2022 01:54:53 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_7B0D5621E51254E18ABAFD4DB7AC2A81 Delete
C:\Program Files (x86)\Steam\steam.exe 4145.85 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe 23596.25 kb, rsAh, created: 07.12.2022 19:32:04, modified: 07.12.2022 19:31:59 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, LGHUB Delete
C:\Users\retox\AppData\Local\Discord\Update.exe 1489.27 kb, rsAh, created: 08.12.2022 13:45:42, modified: 21.10.2022 12:16:06 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
C:\Windows\system32\bootim.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\, BootShell
C:\Windows\System32\win32k.sys error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
3.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
C:\Windows\System32\OneDriveSetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run, OneDriveSetup Delete
C:\Windows\System32\OneDriveSetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run, OneDriveSetup Delete
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
3.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE Launcher.exe 181.04 kb, rsAh, created: 14.11.2022 14:17:38, modified: 14.11.2022 14:17:38 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, CORSAIR iCUE 4 Software Delete
C:\Users\retox\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2564.92 kb, rsAh, created: 07.12.2022 12:46:42, modified: 09.12.2022 17:55:08 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3786.41 kb, rsAh, created: 11.04.2022 13:47:49, modified: 05.12.2022 01:54:53 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_7B0D5621E51254E18ABAFD4DB7AC2A81 Delete
C:\Program Files (x86)\Steam\steam.exe 4145.85 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe 23596.25 kb, rsAh, created: 07.12.2022 19:32:04, modified: 07.12.2022 19:31:59 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, LGHUB Delete
C:\Users\retox\AppData\Local\Discord\Update.exe 1489.27 kb, rsAh, created: 08.12.2022 13:45:42, modified: 21.10.2022 12:16:06 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
3.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_USERS, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
3.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_USERS, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run, Synapse3 Delete
Items found - 1134, recognized as trusted - 1091

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Redirector	Type	Description	Manufacturer	CLSID
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho.dll 446.41 kb, rsAh, created: 07.12.2022 15:41:26, modified: 05.12.2022 01:54:52 Script: Quarantine, Delete, Delete via BC	x32	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho_64.dll 581.41 kb, rsAh, created: 07.12.2022 15:41:26, modified: 05.12.2022 01:55:09 Script: Quarantine, Delete, Delete via BC	x64	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
Items found - 4, recognized as trusted - 2

Windows Explorer extension modules

File name	Redirector	Destination	Description	Manufacturer	CLSID
Items found - 76, recognized as trusted - 76

Printing system extensions (print monitors, providers)

File name	Redirector	Name	Type	Description	Manufacturer
Items found - 7, recognized as trusted - 7

Task Scheduler jobs

File name	Redirector	Job name	Description	Manufacturer	Path	Command line
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe 302.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:27:08 Script: Quarantine, Delete, Delete via BC	x64	AcPowerNotification Script: Delete scheduler task	AcPowerNotification	Copyright © 2020	C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe 1816.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC	x64	ArmourySocketServer Script: Delete scheduler task	ArmourySocketServer	Copyright (C) 2019	C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149.52 kb, rsAh, created: 09.12.2022 21:20:02, modified: 09.12.2022 21:20:00 Script: Quarantine, Delete, Delete via BC	x64	ASUSUpdateTaskMachineCore Script: Delete scheduler task	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.	C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c
C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149.52 kb, rsAh, created: 09.12.2022 21:20:02, modified: 09.12.2022 21:20:00 Script: Quarantine, Delete, Delete via BC	x64	ASUSUpdateTaskMachineUA Script: Delete scheduler task	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.	C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler
C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC	x64	Framework Service Script: Delete scheduler task	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe 1225.35 kb, rsAh, created: 09.12.2022 21:24:46, modified: 29.09.2022 17:09:40 Script: Quarantine, Delete, Delete via BC	x64	NoiseCancelingEngine Script: Delete scheduler task	NoiseCancelingEngine	Copyright (C) 2020	C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG error getting file info Script: Quarantine, Delete, Delete via BC	x64	P508PowerAgent_sdk Script: Delete scheduler task			C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
CARRY\P508PowerAgent.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	P508PowerAgent_sdk Script: Delete scheduler task			C:\Windows\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
C:\Windows\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	USO_UxBroker Script: Delete scheduler task			C:\Windows\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:11 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Cache Maintenance Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:11 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Cleanup Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:11 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Scheduled Scan Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 18:49:12, modified: 08.12.2022 18:49:11 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Verification Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\Program Files\Mozilla Firefox\firefox.exe 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC	x64	Firefox Background Update 308046B0AF4A39CB Script: Delete scheduler task	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	C:\Windows\system32\Tasks\Mozilla\	C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate WorkingDirectory=C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log 2.89 kb, rsAh, created: 08.12.2022 11:19:22, modified: 09.12.2022 21:04:59 Script: Quarantine, Delete, Delete via BC	x64	Firefox Background Update 308046B0AF4A39CB Script: Delete scheduler task			C:\Windows\system32\Tasks\Mozilla\	C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate WorkingDirectory=C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB
C:\Program Files\Mozilla Firefox\default-browser-agent.exe 696.41 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC	x64	Firefox Default Browser Agent 308046B0AF4A39CB Script: Delete scheduler task	Firefox Default Browser Agent	License: MPL 2	C:\Windows\system32\Tasks\Mozilla\	C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log 6.05 kb, rsAh, created: 09.12.2022 12:25:01, modified: 09.12.2022 12:25:01 Script: Quarantine, Delete, Delete via BC	x64	NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task			C:\Windows\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvContainer
C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe 3264.04 kb, rsAh, created: 08.12.2022 17:25:10, modified: 17.10.2022 01:52:57 Script: Quarantine, Delete, Delete via BC	x64	NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA GeForce Experience	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" WorkingDirectory=C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe 634.55 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:36 Script: Quarantine, Delete, Delete via BC	x64	NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA nodejs launcher	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler WorkingDirectory=C:\Program Files (x86)\NVIDIA Corporation\NvNode
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe 887.55 kb, rsAh, created: 08.12.2022 17:25:07, modified: 13.10.2022 13:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA driver profile updater	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\Update Core
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe 887.55 kb, rsAh, created: 08.12.2022 17:25:07, modified: 13.10.2022 13:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA driver profile updater	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\Update Core
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Users\retox\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4090.92 kb, rsAh, created: 07.12.2022 12:46:42, modified: 09.12.2022 17:55:08 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Reporting Task-S-1-5-21-275161995-3302000363-3747719929-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
C:\Users\retox\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4090.92 kb, rsAh, created: 07.12.2022 12:46:42, modified: 09.12.2022 17:55:08 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Standalone Update Task-S-1-5-21-275161995-3302000363-3747719929-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe 118746.07 kb, rsAh, created: 07.12.2022 19:26:33, modified: 01.09.2022 20:20:24 Script: Quarantine, Delete, Delete via BC	x64	SamsungMagician Script: Delete scheduler task	SamsungMagician	Copyright © 2022 Samsung Electronics Co., Ltd.	C:\Windows\system32\Tasks\	"C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE WorkingDirectory=C:\Program Files (x86)\Samsung\Samsung Magician\
Items found - 123, recognized as trusted - 95

Namespace providers (NSP)

Manufacturer	Status	EXE file	Redirector	Description	Manufacturer	GUID
Items found - 14, recognized as trusted - 14

Transport protocol providers (TSP, LSP)

Protocol Name	EXE file	Redirector	Description	Manufacturer
Items found - 28, recognized as trusted - 28

TCP/UDP ports

Port	Status	Remote Host	Remote Port	Application	Redirector	Notes	Description	Manufacturer
TCP ports
445	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
1042	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\asus_framework.exe [8076] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1043	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\asus_framework.exe [8076] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
5426	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
7680	LISTENING	0.0.0.0	0	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.44\msedgewebview2.exe [10876] 3336.45 kb, rsAh, created: 07.12.2022 12:41:29, modified: 06.12.2022 13:27:05 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.
9012	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [8184] 1816.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
9013	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [8184] 1816.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
27036	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [14308] 4145.85 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49665	LISTENING	0.0.0.0	0	wininit.exe [1104] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49672	LISTENING	0.0.0.0	0	services.exe [1172] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
1042	ESTABLISHED	127.0.0.1	49728	c:\program files (x86)\asus\armourydevice\asus_framework.exe [8076] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1042	ESTABLISHED	127.0.0.1	49732	c:\program files (x86)\asus\armourydevice\asus_framework.exe [8076] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1042	ESTABLISHED	127.0.0.1	49740	c:\program files (x86)\asus\armourydevice\asus_framework.exe [8076] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1042	ESTABLISHED	127.0.0.1	56766	c:\program files (x86)\asus\armourydevice\asus_framework.exe [8076] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
3213	LISTENING	0.0.0.0	0	c:\program files (x86)\origin\originwebhelperservice.exe [5596] 3415.82 kb, rsAh, created: 08.12.2022 11:15:05, modified: 08.12.2022 11:14:55 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OriginWebHelperService	Copyright (C) 2015
6463	LISTENING	0.0.0.0	0	c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe [22920] 115235.77 kb, rsAh, created: 08.12.2022 13:45:43, modified: 21.10.2022 11:28:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
9010	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_agent.exe [19984] 41845.75 kb, rsAh, created: 07.12.2022 19:32:01, modified: 07.12.2022 19:31:58 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2022
9010	ESTABLISHED	127.0.0.1	49791	c:\program files\lghub\lghub_agent.exe [19984] 41845.75 kb, rsAh, created: 07.12.2022 19:32:01, modified: 07.12.2022 19:31:58 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2022
9012	ESTABLISHED	127.0.0.1	49703	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [8184] 1816.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
9013	ESTABLISHED	127.0.0.1	49741	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [8184] 1816.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
9013	ESTABLISHED	127.0.0.1	56767	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [8184] 1816.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
9080	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_agent.exe [19984] 41845.75 kb, rsAh, created: 07.12.2022 19:32:01, modified: 07.12.2022 19:31:58 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2022
9100	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_updater.exe [5440] 9985.75 kb, rsAh, created: 07.12.2022 19:32:02, modified: 07.12.2022 19:31:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Updater	Copyright © Logitech, Inc. 2022
9100	ESTABLISHED	127.0.0.1	49812	c:\program files\lghub\lghub_updater.exe [5440] 9985.75 kb, rsAh, created: 07.12.2022 19:32:02, modified: 07.12.2022 19:31:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Updater	Copyright © Logitech, Inc. 2022
9180	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_updater.exe [5440] 9985.75 kb, rsAh, created: 07.12.2022 19:32:02, modified: 07.12.2022 19:31:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Updater	Copyright © Logitech, Inc. 2022
13010	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.service.exe [5328] 385.61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
13030	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\rog live service\rogliveservice.exe [5524] 6581.11 kb, rsAh, created: 21.09.2022 16:53:30, modified: 21.09.2022 16:53:30 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ROG Live Service	Copyright (C) 2019
13031	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [12180] 220.61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
13032	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [12180] 220.61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
17532	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.service.exe [5328] 385.61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
17532	ESTABLISHED	127.0.0.1	49743	c:\program files\asus\armoury crate lite service\armourycrate.service.exe [5328] 385.61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
17945	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [12180] 220.61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
22112	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\rog live service\rogliveservice.exe [5524] 6581.11 kb, rsAh, created: 21.09.2022 16:53:30, modified: 21.09.2022 16:53:30 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ROG Live Service	Copyright (C) 2019
27060	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [14308] 4145.85 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
27060	ESTABLISHED	127.0.0.1	60127	c:\program files (x86)\steam\steam.exe [14308] 4145.85 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
27339	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
28385	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
28390	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
45654	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_agent.exe [19984] 41845.75 kb, rsAh, created: 07.12.2022 19:32:01, modified: 07.12.2022 19:31:58 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2022
49670	LISTENING	0.0.0.0	0	c:\program files\corsair\corsair icue 4 software\cuellaccessservice.exe [5360] 233.04 kb, rsAh, created: 14.11.2022 14:19:10, modified: 14.11.2022 14:19:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		iCUE service for interaction with CorsairLLAccess driver	Corsair Memory, Inc. © 2020, All rights reserved
49670	ESTABLISHED	127.0.0.1	63564	c:\program files\corsair\corsair icue 4 software\cuellaccessservice.exe [5360] 233.04 kb, rsAh, created: 14.11.2022 14:19:10, modified: 14.11.2022 14:19:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		iCUE service for interaction with CorsairLLAccess driver	Corsair Memory, Inc. © 2020, All rights reserved
49703	ESTABLISHED	127.0.0.1	9012	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [12180] 220.61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
49728	ESTABLISHED	127.0.0.1	1042	c:\program files (x86)\asus\armourydevice\dll\acpowernotification\acpowernotification.exe [9368] 302.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:27:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		AcPowerNotification	Copyright © 2020
49730	LISTENING	0.0.0.0	0	c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe [12872] 28757.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:27 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.
49730	ESTABLISHED	127.0.0.1	49758	c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe [12872] 28757.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:27 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.
49732	ESTABLISHED	127.0.0.1	1042	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [8184] 1816.35 kb, rsAh, created: 09.12.2022 21:21:22, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
49740	ESTABLISHED	127.0.0.1	1042	c:\program files (x86)\asus\armourydevice\asus_framework.exe [17892] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
49741	ESTABLISHED	127.0.0.1	9013	c:\program files (x86)\asus\armourydevice\asus_framework.exe [17892] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
49743	ESTABLISHED	127.0.0.1	17532	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [12180] 220.61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
49758	ESTABLISHED	127.0.0.1	49730	c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe [15220] 3264.04 kb, rsAh, created: 08.12.2022 17:25:10, modified: 17.10.2022 01:53:39 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.
49791	ESTABLISHED	127.0.0.1	9010	c:\program files\lghub\system_tray\lghub_system_tray.exe [19868] 23596.25 kb, rsAh, created: 07.12.2022 19:32:04, modified: 07.12.2022 19:31:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64		G HUB	Copyright © Logitech, Inc. 2022
49812	ESTABLISHED	127.0.0.1	9100	c:\program files\lghub\lghub_agent.exe [19984] 41845.75 kb, rsAh, created: 07.12.2022 19:32:01, modified: 07.12.2022 19:31:58 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2022
52473	ESTABLISHED	127.0.0.1	52474	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52474	ESTABLISHED	127.0.0.1	52473	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52475	ESTABLISHED	127.0.0.1	52476	c:\program files\mozilla firefox\firefox.exe [10796] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52476	ESTABLISHED	127.0.0.1	52475	c:\program files\mozilla firefox\firefox.exe [10796] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
56766	ESTABLISHED	127.0.0.1	1042	c:\program files (x86)\asus\armourydevice\asus_framework.exe [25564] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
56767	ESTABLISHED	127.0.0.1	9013	c:\program files (x86)\asus\armourydevice\asus_framework.exe [25564] 43836.43 kb, rsAh, created: 09.12.2022 21:20:33, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
60127	ESTABLISHED	127.0.0.1	27060	c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe [13608] 6204.85 kb, rsAh, created: 07.12.2022 13:16:43, modified: 01.12.2022 17:46:42 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam Client WebHelper	Copyright (C) 2014 Valve Corporation
63564	ESTABLISHED	127.0.0.1	49670	c:\program files\corsair\corsair icue 4 software\icue.exe [18404] 261.54 kb, rsAh, created: 14.11.2022 14:54:48, modified: 14.11.2022 14:54:48 Script: Quarantine, Delete, Delete via BC, Terminate	x64		iCUE	Corsair Memory, Inc. © 2020, All rights reserved
63604	LISTENING	0.0.0.0	0	c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe [24096] 450.54 kb, rsAh, created: 14.11.2022 14:19:18, modified: 14.11.2022 14:19:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved
63604	ESTABLISHED	127.0.0.1	63605	c:\program files\corsair\corsair icue 4 software\icuedevicepluginhost.exe [24096] 450.54 kb, rsAh, created: 14.11.2022 14:19:18, modified: 14.11.2022 14:19:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Corsair iCUE Component	Corsair Memory, Inc. © 2022, All rights reserved
63605	ESTABLISHED	127.0.0.1	63604	c:\program files\corsair\corsair icue 4 software\icue.exe [18404] 261.54 kb, rsAh, created: 14.11.2022 14:54:48, modified: 14.11.2022 14:54:48 Script: Quarantine, Delete, Delete via BC, Terminate	x64		iCUE	Corsair Memory, Inc. © 2020, All rights reserved
139	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
49724	ESTABLISHED	162.254.192.75	27025	c:\program files (x86)\steam\steam.exe [14308] 4145.85 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49818	ESTABLISHED	192.168.1.15	8009	c:\program files (x86)\microsoft\edge\application\msedge.exe [19436] 3786.41 kb, rsAh, created: 11.04.2022 13:47:49, modified: 05.12.2022 01:54:53 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
52466	ESTABLISHED	23.96.94.139	443	c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe [21972] 3336.45 kb, rsAh, created: 07.12.2022 12:41:29, modified: 06.12.2022 13:27:05 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.
52468	ESTABLISHED	40.87.92.60	443	c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe [21972] 3336.45 kb, rsAh, created: 07.12.2022 12:41:29, modified: 06.12.2022 13:27:05 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.
52492	ESTABLISHED	104.16.248.249	443	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52531	ESTABLISHED	52.42.74.230	443	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52751	ESTABLISHED	142.251.163.94	443	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52784	TIME_WAIT	204.79.197.203	443	[0]	x64
52785	ESTABLISHED	142.251.16.138	443	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52787	TIME_WAIT	35.163.90.214	443	[0]	x64
52788	ESTABLISHED	72.21.91.29	80	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52789	TIME_WAIT	34.120.158.37	443	[0]	x64
52791	ESTABLISHED	23.222.12.10	80	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
52794	TIME_WAIT	34.120.158.37	443	[0]	x64
52795	TIME_WAIT	34.120.158.37	443	[0]	x64
52796	TIME_WAIT	34.120.158.37	443	[0]	x64
52798	TIME_WAIT	34.120.158.37	443	[0]	x64
52799	TIME_WAIT	34.120.158.37	443	[0]	x64
52800	TIME_WAIT	34.120.158.37	443	[0]	x64
52803	TIME_WAIT	34.120.158.37	443	[0]	x64
52804	ESTABLISHED	20.189.173.2	443	c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.44\msedgewebview2.exe [21972] 3336.45 kb, rsAh, created: 07.12.2022 12:41:29, modified: 06.12.2022 13:27:05 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.
52805	TIME_WAIT	52.191.219.104	443	[0]	x64
56762	ESTABLISHED	52.159.126.152	443	c:\users\retox\appdata\local\microsoft\onedrive\onedrive.exe [18884] 2564.92 kb, rsAh, created: 07.12.2022 12:46:42, modified: 09.12.2022 17:55:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft OneDrive	© Microsoft Corporation. All rights reserved.
63559	ESTABLISHED	162.159.135.234	443	c:\users\retox\appdata\local\discord\app-1.0.9007\discord.exe [22536] 115235.77 kb, rsAh, created: 08.12.2022 13:45:43, modified: 21.10.2022 11:28:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
UDP ports
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [19128] 3786.41 kb, rsAh, created: 11.04.2022 13:47:49, modified: 05.12.2022 01:54:53 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [19128] 3786.41 kb, rsAh, created: 11.04.2022 13:47:49, modified: 05.12.2022 01:54:53 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
27036	LISTENING	--	--	c:\program files (x86)\steam\steam.exe [14308] 4145.85 kb, rsAh, created: 21.03.2022 21:23:12, modified: 01.12.2022 17:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49999	LISTENING	--	--	c:\program files\mozilla firefox\firefox.exe [23648] 646.91 kb, rsAh, created: 07.12.2022 13:04:52, modified: 28.11.2022 11:24:19 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.
58915	LISTENING	--	--	c:\program files (x86)\origin\originwebhelperservice.exe [5596] 3415.82 kb, rsAh, created: 08.12.2022 11:15:05, modified: 08.12.2022 11:14:55 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OriginWebHelperService	Copyright (C) 2015
10010	LISTENING	--	--	c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe [12872] 28757.05 kb, rsAh, created: 08.12.2022 17:25:08, modified: 13.10.2022 13:05:27 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.
137	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
138	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
Items found - 120, recognized as trusted - 24

Downloaded Program Files (DPF)

File name	Redirector	Description	Manufacturer	CLSID	Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name	Redirector	Description	Manufacturer
Items found - 34, recognized as trusted - 34

Active Setup

File name	Redirector	Description	Manufacturer	CLSID
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe 3288.91 kb, rsAh, created: 07.12.2022 15:41:32, modified: 07.12.2022 15:41:19 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe 3288.91 kb, rsAh, created: 07.12.2022 15:41:32, modified: 07.12.2022 15:41:19 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
Items found - 20, recognized as trusted - 18

HOSTS file

Hosts file record

Protocols and handlers

File name	Redirector	Type	Description	Manufacturer	CLSID
Items found - 38, recognized as trusted - 38

Shared resources

Network name	Path	Notes
A$	A:\	Default share
B$	B:\	Default share
C$	C:\	Default share
ADMIN$	C:\Windows	Remote Admin
IPC$		Remote IPC

Background Intelligent Transfer Service (BITS) Jobs

BITS Job ID	Job name	Status	Source URL or file name	Destination file name	Notification program
{99AE2B71-CE34-434B-97DC-47F2E56CB164}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ef5f792e-9df7-4748-accf-02ec33a4a2c4?P1=1670875150&P2=404&P3=2&P4=doCsYT9uSOSKDBOnQW3tKpdEYG7E%2fAOMu8Yyp3%2fL%2f7jpRk1mM1xyxbfQz86yNXYiqv7OZ23jvMJs30JzyYySjQ%3d%3d	C:\Users\retox\AppData\Local\Temp\edge_BITS_2100_1115587358\ef5f792e-9df7-4748-accf-02ec33a4a2c4
{AE7F9F77-A516-43E5-A488-28801EE0025A}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ef5f792e-9df7-4748-accf-02ec33a4a2c4?P1=1670878743&P2=404&P3=2&P4=Kk0%2bxDIS3KMQUWNzXFUzGcdgg%2fSJ9VTOzRbpvepNXz1GyNZ1zNnCfsXqJKsROC7Lcxd6vopSb0i5yC6Rq0RwRg%3d%3d	C:\Users\retox\AppData\Local\Temp\edge_BITS_1284_1437889272\ef5f792e-9df7-4748-accf-02ec33a4a2c4
{B217ED6C-F382-4F1E-ACA8-65A220955E92}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b22f5f18-f7ea-4290-929d-b13c03908334?P1=1670877556&P2=404&P3=2&P4=ZgbhOm4TUyndc5xtFUPaviUInaRaL7Oee0q72B1vsOKpseMtPaKAWEpi%2fhcGiYJCk%2bk9WdB4%2f5O7Um6j%2fQpqVA%3d%3d	C:\Users\retox\AppData\Local\Temp\edge_BITS_21660_1796058464\b22f5f18-f7ea-4290-929d-b13c03908334
{8F44AE96-94AC-4628-A779-3184004277F4}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2132f61f-f790-4ae6-a355-8cf9a1533800?P1=1670875150&P2=404&P3=2&P4=CcJKPrDnJgrAaDD4no9c82209st%2bC64z7C9qMA2qooOvsA94aRHgPFN6tPkN0lgt2pgmWjiyaSbpBRQDowWgWg%3d%3d	C:\Users\retox\AppData\Local\Temp\edge_BITS_21280_1554453192\2132f61f-f790-4ae6-a355-8cf9a1533800
{0872401E-399A-48F0-8D73-FD5C87A57F81}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2132f61f-f790-4ae6-a355-8cf9a1533800?P1=1670873990&P2=404&P3=2&P4=BPmRunzftn0r%2f%2fv1NuXIy09KlPKmbROOd2Iqdc9McIsz6HT2tPRnDLtwXODQa%2bRA4wzHGXPbF5SC7jhzmoNHDw%3d%3d	C:\Users\retox\AppData\Local\Temp\edge_BITS_10628_1913737358\2132f61f-f790-4ae6-a355-8cf9a1533800

Suspicious objects

File

Redirector

Description

Type

Attention !!! Database was last updated 10/6/2022 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.63 private build [06.10.2022 18:46:05]
Scanning started at 09.12.2022 23:49:57
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 06.10.2022 16:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 638405
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.22621,  "Windows 10 Pro" (Windows 10 Pro) x64, install date 07.12.2022 15:38:11 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 260
Extended process analysis: 2688 C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
[ES]:Application has no visible windows
Extended process analysis: 3440 C:\Program Files (x86)\ASUS\AXSP\4.02.22\atkexComSvc.exe
[ES]:Application has no visible windows
Extended process analysis: 5376 C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 5456 C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 5544 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 6304 C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 6404 C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 6484 C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 6780 C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 7976 C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 7024 C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 9368 C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 13160 C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
[ES]:Application has no visible windows
Extended process analysis: 4188 C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
[ES]:Application has no visible windows
Extended process analysis: 14192 C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
[ES]:Application has no visible windows
Extended process analysis: 13484 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 15560 C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
[ES]:Application has no visible windows
Extended process analysis: 17548 C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
[ES]:Application has no visible windows
Extended process analysis: 23104 C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
[ES]:Program code includes networking-related functionality
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 23376 C:\Program Files (x86)\ASUS\AsusFCNotification\AsusFCNotification.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
 Number of modules loaded: 536
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>>> Security: Internet Explorer allows ActiveX, not marked as safe
>>> Security: block ActiveX, not marked as safe, in Internet Explorer
>>> Security: Internet Explorer allows unsigned ActiveX elements
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
>>> Security: Internet Explorer allows running files and applications in IFRAME window without asking user
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 796, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 09.12.2022 23:50:26
Time of scanning: 00:00:29
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.50,5.255.255.88,77.88.55.55,5.255.255.80", Ping=OK (0,138,77.88.55.50)
  Host="google.ru", IP="172.253.62.94", Ping=OK (0,4,172.253.62.94)
  Host="google.com", IP="142.251.163.139,142.251.163.138,142.251.163.102,142.251.163.101,142.251.163.113,...", Ping=OK (0,3,142.251.163.139)
  Host="www.kaspersky.com", IP="144.121.3.166", Ping=Error (11010,0,0.0.0.0)
  Host="www.kaspersky.ru", IP="144.121.3.166", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-03.geo.kaspersky.com", IP="66.110.49.80", Ping=OK (0,25,66.110.49.80)
  Host="dnl-11.geo.kaspersky.com", IP="38.117.98.253", Ping=OK (0,28,38.117.98.253)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="5.61.23.11,217.20.155.13,217.20.147.1", Ping=OK (0,131,5.61.23.11)
  Host="vk.com", IP="87.240.129.133,87.240.132.78,93.186.225.194,87.240.137.164,87.240.132.67,...", Ping=OK (0,120,87.240.129.133)
  Host="vkontakte.ru", IP="87.240.129.133,87.240.132.78,87.240.132.72,87.240.137.164,87.240.132.67,...", Ping=OK (0,121,87.240.129.133)
  Host="twitter.com", IP="104.244.42.65", Ping=OK (0,23,104.244.42.65)
  Host="facebook.com", IP="31.13.66.35", Ping=OK (0,3,31.13.66.35)
  Host="ru-ru.facebook.com", IP="31.13.66.4", Ping=OK (0,3,31.13.66.4)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Wi-Fi"
   IPAddress = "192.168.1.32"
   DHCPIPAddress = "192.168.1.32"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "192.168.1.1"
  Interface: "Ethernet"
   IPAddress = "192.168.1.33"
   DHCPIPAddress = "192.168.1.33"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "192.168.1.1"
 Network Persistent Routes

System Analysis - complete
Script commands Add commands to script:

Additional operations:

File list