Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\programdata\battle.net\agent\agent.8067\agent.exe Script: Quarantine, Delete, Delete via BC, Terminate	7864	Battle.net Update Agent	© 2010-2022 Blizzard Entertainment Inc.	BE4F0EC8BB438EDF7BB92EB0F53443D7	5422.12 kb, rsAh,created: 08.12.2022 05:07:13,modified: 08.12.2022 05:07:14 Command line: "C:\ProgramData\Battle.net\Agent\Agent.8067\Agent.exe" --session=4730955704176207213
c:\users\cropp\appdata\local\temp\5hk3uolz.cnn\getsysteminfodllcache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	4752			343ED2D3905CA0C82A4E85217B4033FB	8924.64 kb, rsAh,created: 08.12.2022 12:20:27,modified: 18.10.2022 07:38:44 Command line: "C:\Users\cropp\AppData\Local\Temp\5hk3uolz.cnn\GetSystemInfoDllCache\avz\avz.exe" SpoolLog="C:\Users\cropp\AppData\Local\Temp\5hk3uolz.cnn\GetSystemInfo\avz.log" TempFolder="C:\Users\cropp\AppData\Local\Temp\5hk3uolz.cnn\GetSystemInfo\AvzTemp"
d:\program files\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	13016	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	DD3C6CBF75D6C7B383AEA296076CB51B	1064.62 kb, rsAh,created: 08.12.2022 05:08:13,modified: 08.12.2022 05:08:13 Command line: "D:\Program files\Battle.net\Battle.net.exe" --type=renderer --no-sandbox --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --field-trial-handle=3020,16838987802563087485,8543940187933043581,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling,OutOfBlinkCors --lang=en-GB --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --log-severity=error --product-version="Battle.net/2.16.4.13859 (retail) Chrome/83.0.4103.106" --disable-spell-checking --uncaught-exception-stack-size=10 --watch-browser-pid=5388 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4792 /prefetch:1 --battle-net-helper=Battle.net.13859
d:\program files\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	5388	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	DD3C6CBF75D6C7B383AEA296076CB51B	1064.62 kb, rsAh,created: 08.12.2022 05:08:13,modified: 08.12.2022 05:08:13 Command line: "D:\Program files\Battle.net\Battle.net.exe" --from-launcher
d:\program files\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	3340	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	DD3C6CBF75D6C7B383AEA296076CB51B	1064.62 kb, rsAh,created: 08.12.2022 05:08:13,modified: 08.12.2022 05:08:13 Command line: "D:\Program files\Battle.net\Battle.net.exe" --type=gpu-process --field-trial-handle=3020,16838987802563087485,8543940187933043581,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling,OutOfBlinkCors --no-sandbox --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --log-severity=error --product-version="Battle.net/2.16.4.13859 (retail) Chrome/83.0.4103.106" --lang=en-GB --watch-browser-pid=5388 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --mojo-platform-channel-handle=3268 /prefetch:2 --battle-net-helper=Battle.net.13859
d:\program files\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	11404	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	DD3C6CBF75D6C7B383AEA296076CB51B	1064.62 kb, rsAh,created: 08.12.2022 05:08:13,modified: 08.12.2022 05:08:13 Command line: "D:\Program files\Battle.net\Battle.net.exe" --type=utility --field-trial-handle=3020,16838987802563087485,8543940187933043581,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling,OutOfBlinkCors --lang=en-GB --service-sandbox-type=network --no-sandbox --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --log-severity=error --product-version="Battle.net/2.16.4.13859 (retail) Chrome/83.0.4103.106" --lang=en-GB --watch-browser-pid=5388 --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --mojo-platform-channel-handle=4016 /prefetch:8 --battle-net-helper=Battle.net.13859
d:\program files\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	896	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	DD3C6CBF75D6C7B383AEA296076CB51B	1064.62 kb, rsAh,created: 08.12.2022 05:08:13,modified: 08.12.2022 05:08:13 Command line: "D:\Program files\Battle.net\Battle.net.exe" --type=renderer --no-sandbox --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --field-trial-handle=3020,16838987802563087485,8543940187933043581,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling,OutOfBlinkCors --lang=en-GB --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --log-severity=error --product-version="Battle.net/2.16.4.13859 (retail) Chrome/83.0.4103.106" --disable-spell-checking --uncaught-exception-stack-size=10 --watch-browser-pid=5388 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=4600 /prefetch:1 --battle-net-helper=Battle.net.13859
d:\program files\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	12544	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	DD3C6CBF75D6C7B383AEA296076CB51B	1064.62 kb, rsAh,created: 08.12.2022 05:08:13,modified: 08.12.2022 05:08:13 Command line: "D:\Program files\Battle.net\Battle.net.exe" --type=renderer --no-sandbox --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --field-trial-handle=3020,16838987802563087485,8543940187933043581,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling,OutOfBlinkCors --lang=en-GB --log-file="C:\Users\cropp\AppData\Local\Battle.net\Logs\libcef-20221208T102038.225930.log" --log-severity=error --product-version="Battle.net/2.16.4.13859 (retail) Chrome/83.0.4103.106" --disable-spell-checking --uncaught-exception-stack-size=10 --watch-browser-pid=5388 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4384 /prefetch:1 --battle-net-helper=Battle.net.13859
c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	9444	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 05:01:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=gpu-process --field-trial-handle=1724,15463203726659412610,17776998929970922908,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:2
c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	9856	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 05:01:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,15463203726659412610,17776998929970922908,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:8
c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	10020	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 05:01:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1724,15463203726659412610,17776998929970922908,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=2692 /prefetch:8
c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	7408	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 05:01:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\Discord.exe"
c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	10672	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 05:01:43,modified: 21.10.2022 11:28:10 Command line: "C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1724,15463203726659412610,17776998929970922908,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1 --enable-node-leakage-in-renderers
c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe Script: Quarantine, Delete, Delete via BC, Terminate	8748	Discord	Copyright (c) 2022 Discord Inc. All rights reserved.	B34E4632CC0EF454E0788C7AC55DE11B	115235.77 kb, rsAh,created: 08.12.2022 05:01:43,modified: 21.10.2022 11:28:10 Command line: C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\cropp\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\cropp\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9007 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x45c,0x480,0x484,0x434,0x488,0x7883850,0x7883860,0x788386c
d:\scoped_dir7372_823269388\gsi-6.2.2.33.exe Script: Quarantine, Delete, Delete via BC, Terminate	2068	Kaspersky Get System Info	© 2018 AO Kaspersky Lab. All Rights Reserved.	B9B243ADCA79925A5C471B2FE27EA660	13408.27 kb, rsAh,created: 08.12.2022 12:15:26,modified: 08.12.2022 12:16:33 Command line: "D:\scoped_dir7372_823269388\GSI-6.2.2.33.exe"
c:\users\cropp\appdata\local\temp\x1lg.0\gsi.exe Script: Quarantine, Delete, Delete via BC, Terminate	9488	Kaspersky Get System Info	2018 AO Kaspersky Lab. All Rights Reserved.	F4811C1F71D77F793FB07AFD32DA53A5	1328.77 kb, rsAh,created: 08.12.2022 12:17:08,modified: 18.10.2022 07:39:23 Command line: "C:\Users\cropp\AppData\Local\Temp\x1lg.0\GSI.exe"
c:\program files\windowsapps\microsoft.windows.photos_2022.30100.19004.0_x64__8wekyb3d8bbwe\microsoft.photos.exe Script: Quarantine, Delete, Delete via BC, Terminate	5672			1FA02C3B2C70BCB55FB819C986BE243B	739.00 kb, rsAh,created: 25.11.2022 20:08:34,modified: 25.11.2022 20:09:19 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8940	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8952	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8964	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	9116	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8152	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	6848	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	9220	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	9240	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	5104	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	12836	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	2664	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	11076	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	1820	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	9248	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8268	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	10920	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8284	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8608	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8708	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	7372	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8860	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8924	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	8932	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
C:\Users\cropp\AppData\Local\Programs\Opera GX\opera.exe Script: Quarantine, Delete, Delete via BC, Terminate	596	Opera GX Internet Browser	Copyright Opera Software 2022	D291FF583B9AB6AE70E512DB4FE9D586	1443.95 kb, rsAh,created: 08.12.2022 02:28:21,modified: 06.12.2022 16:04:01 Command line:
c:\users\cropp\appdata\local\programs\opera gx\93.0.4585.52\opera_crashreporter.exe Script: Quarantine, Delete, Delete via BC, Terminate	7616	Opera GX crash-reporter	Copyright Opera Software 2022	506B90E52817D09265D93BD68B5C1B77	2366.95 kb, rsAh,created: 08.12.2022 02:28:16,modified: 06.12.2022 16:04:06 Command line:
c:\program files\windowsapps\microsoft.yourphone_1.22092.214.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe Script: Quarantine, Delete, Delete via BC, Terminate	10052	Microsoft Phone Link	© Microsoft Corporation. All rights reserved.	24FD64C5574C3465B15A3DFB0A922487	484.89 kb, rsAh,created: 25.11.2022 20:08:20,modified: 25.11.2022 20:09:06 Command line:
Registry.exe Script: Quarantine, Delete, Delete via BC, Terminate	124			X	error getting file info Command line:
c:\program files\speccy\speccy64.exe Script: Quarantine, Delete, Delete via BC, Terminate	6364	Speccy	Copyright Piriform 2005-2020	D41812A78894D4E47DF163DB19D354E6	7459.09 kb, rsAh,created: 14.06.2022 06:51:48,modified: 14.06.2022 06:51:48 Command line:
Detected:173, recognized as trusted 128

Module name	Handle	Description	Copyright	Information	Used by processes
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\X86\MpOav.dll Script: Quarantine, Delete, Delete via BC	1665138688	IOfficeAntiVirus Module	© Microsoft Corporation. All rights reserved.	MD5=BF6CA7B4CADBB3F2A7D952BE02FEC419 424.75 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:25	7864, 4752, 5388, 10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\ffmpeg.dll Script: Quarantine, Delete, Delete via BC	1661140992			MD5=F190360F49791D3B9DE761227008BA14 2551.77 kb, rsAh, created: 08.12.2022 05:01:46, modified: 21.10.2022 11:28:10	9444, 9856, 10020, 7408, 10672, 8748
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\libegl.dll Script: Quarantine, Delete, Delete via BC	1628962816	ANGLE libEGL Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=4351061539C06A5AEFC16D6B93A3DB6C 364.77 kb, rsAh, created: 08.12.2022 05:01:46, modified: 21.10.2022 11:28:10	9444
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\libglesv2.dll Script: Quarantine, Delete, Delete via BC	1629356032	ANGLE libGLESv2 Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=A737CE8E27A321B021EF52E0997CE612 6780.77 kb, rsAh, created: 08.12.2022 05:01:46, modified: 21.10.2022 11:28:10	9444
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_cloudsync-1\discord_cloudsync\discord_cloudsync.node Script: Quarantine, Delete, Delete via BC	471859200			MD5=1B3E0CBB5FB333122A8682C49F8EBC55 3732.77 kb, rsAh, created: 08.12.2022 05:02:17, modified: 21.10.2022 19:16:43	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_dispatch-1\discord_dispatch\discord_dispatch.node Script: Quarantine, Delete, Delete via BC	421527552			MD5=E56F9C760A5F4176A3E11525D0852211 7734.27 kb, rsAh, created: 08.12.2022 05:04:22, modified: 21.10.2022 19:16:50	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_erlpack-1\discord_erlpack\discord_erlpack.node Script: Quarantine, Delete, Delete via BC	1967259648			MD5=3BD9162AB40C4696351433D0B8F18F83 541.27 kb, rsAh, created: 08.12.2022 05:02:04, modified: 21.10.2022 19:16:56	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_game_utils-1\discord_game_utils\discord_game_utils.node Script: Quarantine, Delete, Delete via BC	1499856896			MD5=6D62135B1A0E3B4769B248883D7FDC68 907.77 kb, rsAh, created: 08.12.2022 05:02:19, modified: 21.10.2022 19:17:00	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_krisp-1\discord_krisp\discord_krisp.node Script: Quarantine, Delete, Delete via BC	350224384			MD5=8E0AD46954D5EC7181CEDE4691394AC2 21282.77 kb, rsAh, created: 08.12.2022 05:02:15, modified: 21.10.2022 19:17:21	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_media-1\discord_media\discord_media.node Script: Quarantine, Delete, Delete via BC	1536294912			MD5=16F3BD5B08ACE7FE091FBBA54D12019A 556.27 kb, rsAh, created: 08.12.2022 05:04:19, modified: 21.10.2022 19:17:29	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_modules-1\discord_modules\discord_modules.node Script: Quarantine, Delete, Delete via BC	1535770624			MD5=A532E129439855362CDE228852AB971E 497.27 kb, rsAh, created: 08.12.2022 05:04:24, modified: 21.10.2022 19:17:37	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_overlay2-1\discord_overlay2\discord_overlay2.node Script: Quarantine, Delete, Delete via BC	1499136000			MD5=C3AFD8817184E60F0FB1002BCF467F7F 674.27 kb, rsAh, created: 08.12.2022 05:02:18, modified: 21.10.2022 19:17:43	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_spellcheck-1\discord_spellcheck\node_modules\cld\build\Release\cld.node Script: Quarantine, Delete, Delete via BC	524288000			MD5=55A810FE9B7BB5F6B96DFBC49222D7FD 2623.77 kb, rsAh, created: 08.12.2022 05:02:04, modified: 21.10.2022 19:17:52	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\discord_utils.node Script: Quarantine, Delete, Delete via BC	1530003456			MD5=4A88BB90E028D5241F55AAA2EB4B9CBD 702.77 kb, rsAh, created: 08.12.2022 05:02:05, modified: 21.10.2022 19:18:05	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\macos-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1967849472			MD5=3981A8709F12690AD0CFE0B75B06B0EC 434.77 kb, rsAh, created: 08.12.2022 05:02:06, modified: 21.10.2022 19:18:03	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\windows-notification-state\build\Release\notificationstate.node Script: Quarantine, Delete, Delete via BC	1530789888			MD5=17A299A14E6DD61A2915E5508EEC5693 455.27 kb, rsAh, created: 08.12.2022 05:02:06, modified: 21.10.2022 19:18:01	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_utils-1\discord_utils\node_modules\windows-quiet-hours\build\Release\quiethours.node Script: Quarantine, Delete, Delete via BC	1965490176			MD5=3FC7F6F660F4A6E20585DE601BE14D1A 442.27 kb, rsAh, created: 08.12.2022 05:02:06, modified: 21.10.2022 19:17:59	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_voice-5\discord_voice\discord_voice.node Script: Quarantine, Delete, Delete via BC	297795584			MD5=B441DBAB6B6C2F83371F5C387A461C23 12638.27 kb, rsAh, created: 08.12.2022 05:02:04, modified: 29.11.2022 20:43:54	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\modules\discord_voice-5\discord_voice\mediapipe.dll Script: Quarantine, Delete, Delete via BC	1536884736			MD5=ACE49A44EC554174073F7266CBAC8880 5138.77 kb, rsAh, created: 08.12.2022 05:02:04, modified: 29.11.2022 20:43:50	10672
C:\Users\cropp\AppData\Local\Discord\app-1.0.9007\updater.node Script: Quarantine, Delete, Delete via BC	1655832576			MD5=39C09C1C4D8FC5156532995533036715 3680.27 kb, rsAh, created: 08.12.2022 05:01:47, modified: 21.10.2022 11:28:10	7408
D:\Program files\Battle.net\Battle.net.13859\Battle.net Helper.dll Script: Quarantine, Delete, Delete via BC	1573715968	Battle.net Browser Helper	© 2012-2022 Blizzard Entertainment Inc.	MD5=E0EBEB97AB3B60FC302C7FFEF8BE4C7D 4166.12 kb, rsAh, created: 08.12.2022 05:08:16, modified: 08.12.2022 05:08:16	13016, 3340, 11404, 896, 12544
D:\Program files\Battle.net\Battle.net.13859\battle.net.dll Script: Quarantine, Delete, Delete via BC	1927544832	Battle.net	© 2012-2022 Blizzard Entertainment Inc.	MD5=ACD9C6E03A726643463966FC6AFFB2FB 24787.62 kb, rsAh, created: 08.12.2022 05:08:18, modified: 08.12.2022 05:08:19	5388
Modules found:288, recognized as trusted 266

Kernel Space Modules Viewer

Module	Redirector	Base address	Size in memory	Description	Manufacturer
C:\Windows\system32\drivers\wd\WdFilter.sys 462.28 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:28 Script: Quarantine, Delete, Delete via BC	x64	2E760000	00077000 (487424)	Microsoft antimalware file system filter driver	© Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dump_diskdump.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	52C30000	0000F000 (61440)
C:\Windows\System32\drivers\dump_storahci.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	52C80000	00032000 (204800)
C:\Windows\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	52CE0000	0001D000 (118784)
C:\Windows\system32\drivers\wd\WdNisDrv.sys 97.28 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:28 Script: Quarantine, Delete, Delete via BC	x64	31E90000	0001C000 (114688)	Windows Defender Network Stream Filter	© Microsoft Corporation. All rights reserved.
Items found - 192, recognized as trusted - 187

Services

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
MicrosoftEdgeElevationService Service: Stop, Delete, Disable, Delete via BC	Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)	Not started	C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\elevation_service.exe 1698.41 kb, rsAh, created: 08.12.2022 10:33:49, modified: 05.12.2022 06:55:40 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.		RPCSS
WdNisSvc Service: Stop, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Network Inspection Service	Running	C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\NisSrv.exe 3116.47 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:26 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Network Realtime Inspection Service	© Microsoft Corporation. All rights reserved.		WdNisDrv
WinDefend Service: Stop, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Service	Running	C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MsMpEng.exe 130.46 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:26 Script: Quarantine, Delete, Delete via BC	x64	Antimalware Service Executable	© Microsoft Corporation. All rights reserved.		RpcSs
Items found - 251, recognized as trusted - 248

Drivers

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
WdBoot Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Boot Driver	Not started	C:\Windows\system32\drivers\wd\WdBoot.sys 48.41 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:28 Script: Quarantine, Delete, Delete via BC	x64	Microsoft antimalware boot driver	© Microsoft Corporation. All rights reserved.	Early-Launch
WdFilter Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Mini-Filter Driver	Running	C:\Windows\system32\drivers\wd\WdFilter.sys 462.28 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:28 Script: Quarantine, Delete, Delete via BC	x64	Microsoft antimalware file system filter driver	© Microsoft Corporation. All rights reserved.	FSFilter Anti-Virus	FltMgr
WdNisDrv Driver: Unload, Delete, Disable, Delete via BC	Microsoft Defender Antivirus Network Inspection System Driver	Running	C:\Windows\system32\drivers\wd\WdNisDrv.sys 97.28 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:28 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Network Stream Filter	© Microsoft Corporation. All rights reserved.		BFE
Items found - 378, recognized as trusted - 375

Autoruns

File name	Redirector	Startup method	Description
C:\Windows\System32\drivers\ati2erec.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, CategoryMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, CategoryMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\eventlog_provider.dll 16.41 kb, rsAh, created: 08.12.2022 10:33:49, modified: 05.12.2022 06:55:25 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, EventMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\eventlog_provider.dll 16.41 kb, rsAh, created: 08.12.2022 10:33:49, modified: 05.12.2022 06:55:25 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, CategoryMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\msedgeupdate.dll 2087.92 kb, rsAh, created: 08.12.2022 10:20:42, modified: 08.12.2022 10:20:42 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdate, EventMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\msedgeupdate.dll 2087.92 kb, rsAh, created: 08.12.2022 10:20:42, modified: 08.12.2022 10:20:42 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdatem, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, CategoryMessageFile
C:\Windows\System32\drivers\ati2erec.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, CategoryMessageFile
C:\Windows\System32\Drivers\UMDF\UsbccidDriver.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3786.41 kb, rsAh, created: 05.08.2021 22:41:46, modified: 05.12.2022 06:54:53 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\cropp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\cropp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk,
C:\Users\cropp\AppData\Local\Discord\Update.exe 1489.27 kb, rsAh, created: 08.12.2022 05:01:43, modified: 21.10.2022 12:16:06 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
C:\Windows\system32\bootim.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\, BootShell
C:\Users\cropp\AppData\Local\Discord\Update.exe 1489.27 kb, rsAh, created: 08.12.2022 05:01:43, modified: 21.10.2022 12:16:06 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
Discord.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Discord Delete
Items found - 1011, recognized as trusted - 992

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Redirector	Type	Description	Manufacturer	CLSID
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho.dll 446.41 kb, rsAh, created: 08.12.2022 10:33:47, modified: 05.12.2022 06:54:52 Script: Quarantine, Delete, Delete via BC	x32	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\BHO\ie_to_edge_bho_64.dll 581.41 kb, rsAh, created: 08.12.2022 10:33:47, modified: 05.12.2022 06:55:09 Script: Quarantine, Delete, Delete via BC	x64	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
Items found - 4, recognized as trusted - 2

Windows Explorer extension modules

File name	Redirector	Destination	Description	Manufacturer	CLSID
Items found - 70, recognized as trusted - 70

Printing system extensions (print monitors, providers)

File name	Redirector	Name	Type	Description	Manufacturer
Items found - 8, recognized as trusted - 8

Task Scheduler jobs

File name	Redirector	Job name	Description	Manufacturer	Path	Command line
%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client" error getting file info Script: Quarantine, Delete, Delete via BC	x64	UninstallSMB1ClientTask Script: Delete scheduler task			C:\Windows\system32\Tasks\Microsoft\Windows\SMB\	%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server" error getting file info Script: Quarantine, Delete, Delete via BC	x64	UninstallSMB1ServerTask Script: Delete scheduler task			C:\Windows\system32\Tasks\Microsoft\Windows\SMB\	%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:26 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Cache Maintenance Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:26 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Cleanup Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:26 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Scheduled Scan Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe 1554.87 kb, rsAh, created: 08.12.2022 04:19:32, modified: 08.12.2022 04:19:26 Script: Quarantine, Delete, Delete via BC	x64	Windows Defender Verification Script: Delete scheduler task	Microsoft Malware Protection Command Line Utility	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\	C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\Users\cropp\AppData\Local\Programs\Opera GX\launcher.exe 2506.45 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:03:56 Script: Quarantine, Delete, Delete via BC	x64	Opera GX scheduled Autoupdate 1670466497 Script: Delete scheduler task	Opera GX Internet Browser	Copyright Opera Software 2022	C:\Windows\system32\Tasks\	C:\Users\cropp\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
Items found - 101, recognized as trusted - 94

Namespace providers (NSP)

Manufacturer	Status	EXE file	Redirector	Description	Manufacturer	GUID
Items found - 14, recognized as trusted - 14

Transport protocol providers (TSP, LSP)

Protocol Name	EXE file	Redirector	Description	Manufacturer
Items found - 28, recognized as trusted - 28

TCP/UDP ports

Port	Status	Remote Host	Remote Port	Application	Redirector	Notes	Description	Manufacturer
TCP ports
445	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
49665	LISTENING	0.0.0.0	0	wininit.exe [724] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49669	LISTENING	0.0.0.0	0	services.exe [796] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
1120	LISTENING	0.0.0.0	0	c:\programdata\battle.net\agent\agent.8067\agent.exe [7864] 5422.12 kb, rsAh, created: 08.12.2022 05:07:13, modified: 08.12.2022 05:07:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle.net Update Agent	© 2010-2022 Blizzard Entertainment Inc.
1120	TIME_WAIT	127.0.0.1	60200	[0]	x64
1120	TIME_WAIT	127.0.0.1	60201	[0]	x64
1120	TIME_WAIT	127.0.0.1	60202	[0]	x64
1120	TIME_WAIT	127.0.0.1	60203	[0]	x64
1120	TIME_WAIT	127.0.0.1	60204	[0]	x64
1120	TIME_WAIT	127.0.0.1	60206	[0]	x64
1120	TIME_WAIT	127.0.0.1	60208	[0]	x64
1120	TIME_WAIT	127.0.0.1	60211	[0]	x64
1120	TIME_WAIT	127.0.0.1	60213	[0]	x64
1120	TIME_WAIT	127.0.0.1	60216	[0]	x64
1120	TIME_WAIT	127.0.0.1	60217	[0]	x64
1120	TIME_WAIT	127.0.0.1	60218	[0]	x64
1120	TIME_WAIT	127.0.0.1	60219	[0]	x64
1120	TIME_WAIT	127.0.0.1	60221	[0]	x64
1120	TIME_WAIT	127.0.0.1	60222	[0]	x64
1120	TIME_WAIT	127.0.0.1	60223	[0]	x64
1120	TIME_WAIT	127.0.0.1	60224	[0]	x64
1120	TIME_WAIT	127.0.0.1	60226	[0]	x64
1120	TIME_WAIT	127.0.0.1	60227	[0]	x64
1120	TIME_WAIT	127.0.0.1	60228	[0]	x64
1120	TIME_WAIT	127.0.0.1	60229	[0]	x64
1120	TIME_WAIT	127.0.0.1	60231	[0]	x64
1120	TIME_WAIT	127.0.0.1	60233	[0]	x64
1120	TIME_WAIT	127.0.0.1	60234	[0]	x64
1120	TIME_WAIT	127.0.0.1	60235	[0]	x64
1120	TIME_WAIT	127.0.0.1	60236	[0]	x64
1120	TIME_WAIT	127.0.0.1	60237	[0]	x64
1120	TIME_WAIT	127.0.0.1	60238	[0]	x64
1120	TIME_WAIT	127.0.0.1	60241	[0]	x64
1120	TIME_WAIT	127.0.0.1	60244	[0]	x64
1120	TIME_WAIT	127.0.0.1	60246	[0]	x64
1120	TIME_WAIT	127.0.0.1	60248	[0]	x64
1120	TIME_WAIT	127.0.0.1	60250	[0]	x64
1120	TIME_WAIT	127.0.0.1	60252	[0]	x64
1120	TIME_WAIT	127.0.0.1	60253	[0]	x64
1120	TIME_WAIT	127.0.0.1	60254	[0]	x64
1120	TIME_WAIT	127.0.0.1	60255	[0]	x64
1120	TIME_WAIT	127.0.0.1	60256	[0]	x64
1120	TIME_WAIT	127.0.0.1	60257	[0]	x64
1120	TIME_WAIT	127.0.0.1	60258	[0]	x64
1120	TIME_WAIT	127.0.0.1	60259	[0]	x64
1120	TIME_WAIT	127.0.0.1	60260	[0]	x64
1120	TIME_WAIT	127.0.0.1	60261	[0]	x64
1120	TIME_WAIT	127.0.0.1	60262	[0]	x64
1120	TIME_WAIT	127.0.0.1	60263	[0]	x64
1120	TIME_WAIT	127.0.0.1	60264	[0]	x64
1120	TIME_WAIT	127.0.0.1	60265	[0]	x64
1120	TIME_WAIT	127.0.0.1	60266	[0]	x64
1120	TIME_WAIT	127.0.0.1	60267	[0]	x64
1120	TIME_WAIT	127.0.0.1	60268	[0]	x64
1120	TIME_WAIT	127.0.0.1	60269	[0]	x64
1120	TIME_WAIT	127.0.0.1	60270	[0]	x64
1120	TIME_WAIT	127.0.0.1	60271	[0]	x64
1120	TIME_WAIT	127.0.0.1	60272	[0]	x64
1120	TIME_WAIT	127.0.0.1	60273	[0]	x64
6463	LISTENING	0.0.0.0	0	c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe [10672] 115235.77 kb, rsAh, created: 08.12.2022 05:01:43, modified: 21.10.2022 11:28:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
22885	LISTENING	0.0.0.0	0	d:\program files\battle.net\battle.net.exe [5388] 1064.62 kb, rsAh, created: 08.12.2022 05:08:13, modified: 08.12.2022 05:08:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
54203	ESTABLISHED	127.0.0.1	54204	d:\program files\battle.net\battle.net.exe [5388] 1064.62 kb, rsAh, created: 08.12.2022 05:08:13, modified: 08.12.2022 05:08:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
54204	ESTABLISHED	127.0.0.1	54203	d:\program files\battle.net\battle.net.exe [5388] 1064.62 kb, rsAh, created: 08.12.2022 05:08:13, modified: 08.12.2022 05:08:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
60216	TIME_WAIT	127.0.0.1	1120	[0]	x64
60262	TIME_WAIT	127.0.0.1	1120	[0]	x64
139	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
54218	ESTABLISHED	34.96.102.137	443	c:\users\cropp\appdata\local\programs\opera gx\opera.exe [8284] 1443.95 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:04:01 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Opera GX Internet Browser	Copyright Opera Software 2022
54231	ESTABLISHED	37.244.55.151	1119	d:\program files\battle.net\battle.net.exe [5388] 1064.62 kb, rsAh, created: 08.12.2022 05:08:13, modified: 08.12.2022 05:08:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
54353	ESTABLISHED	162.247.241.14	443	d:\program files\battle.net\battle.net.exe [11404] 1064.62 kb, rsAh, created: 08.12.2022 05:08:13, modified: 08.12.2022 05:08:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
54827	ESTABLISHED	2.17.209.130	443	c:\users\cropp\appdata\local\programs\opera gx\opera.exe [8284] 1443.95 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:04:01 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Opera GX Internet Browser	Copyright Opera Software 2022
54836	ESTABLISHED	2.17.209.130	443	c:\users\cropp\appdata\local\programs\opera gx\opera.exe [8284] 1443.95 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:04:01 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Opera GX Internet Browser	Copyright Opera Software 2022
57690	ESTABLISHED	162.159.130.234	443	c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe [9856] 115235.77 kb, rsAh, created: 08.12.2022 05:01:43, modified: 21.10.2022 11:28:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
60101	ESTABLISHED	162.159.130.235	443	c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe [9856] 115235.77 kb, rsAh, created: 08.12.2022 05:01:43, modified: 21.10.2022 11:28:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
60105	ESTABLISHED	162.247.241.14	443	d:\program files\battle.net\battle.net.exe [11404] 1064.62 kb, rsAh, created: 08.12.2022 05:08:13, modified: 08.12.2022 05:08:13 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
60205	TIME_WAIT	40.74.108.123	443	[0]	x64
60207	TIME_WAIT	20.42.65.90	443	[0]	x64
60209	ESTABLISHED	13.90.213.204	80	c:\users\cropp\appdata\local\programs\opera gx\opera.exe [8284] 1443.95 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:04:01 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Opera GX Internet Browser	Copyright Opera Software 2022
60210	ESTABLISHED	13.90.213.204	80	c:\users\cropp\appdata\local\programs\opera gx\opera.exe [8284] 1443.95 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:04:01 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Opera GX Internet Browser	Copyright Opera Software 2022
60214	TIME_WAIT	37.244.28.30	1119	[0]	x64
60215	TIME_WAIT	37.244.28.30	1119	[0]	x64
60230	TIME_WAIT	37.244.28.30	1119	[0]	x64
60232	TIME_WAIT	37.244.28.30	1119	[0]	x64
60239	TIME_WAIT	37.244.28.30	1119	[0]	x64
60242	ESTABLISHED	137.221.105.136	443	c:\programdata\battle.net\agent\agent.8067\agent.exe [7864] 5422.12 kb, rsAh, created: 08.12.2022 05:07:13, modified: 08.12.2022 05:07:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle.net Update Agent	© 2010-2022 Blizzard Entertainment Inc.
60245	ESTABLISHED	162.159.138.232	443	c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe [7408] 115235.77 kb, rsAh, created: 08.12.2022 05:01:43, modified: 21.10.2022 11:28:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
UDP ports
5353	LISTENING	--	--	c:\users\cropp\appdata\local\programs\opera gx\opera.exe [8284] 1443.95 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:04:01 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Opera GX Internet Browser	Copyright Opera Software 2022
5353	LISTENING	--	--	c:\users\cropp\appdata\local\programs\opera gx\opera.exe [8284] 1443.95 kb, rsAh, created: 08.12.2022 02:28:21, modified: 06.12.2022 16:04:01 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Opera GX Internet Browser	Copyright Opera Software 2022
61710	LISTENING	--	--	c:\users\cropp\appdata\local\discord\app-1.0.9007\discord.exe [10672] 115235.77 kb, rsAh, created: 08.12.2022 05:01:43, modified: 21.10.2022 11:28:10 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Discord	Copyright (c) 2022 Discord Inc. All rights reserved.
137	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
138	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
Items found - 113, recognized as trusted - 23

Downloaded Program Files (DPF)

File name	Redirector	Description	Manufacturer	CLSID	Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name	Redirector	Description	Manufacturer
Items found - 35, recognized as trusted - 35

Active Setup

File name	Redirector	Description	Manufacturer	CLSID
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe 3288.91 kb, rsAh, created: 08.12.2022 10:34:01, modified: 08.12.2022 10:33:35 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.42\Installer\setup.exe 3288.91 kb, rsAh, created: 08.12.2022 10:34:01, modified: 08.12.2022 10:33:35 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
Items found - 20, recognized as trusted - 18

HOSTS file

Hosts file record

Protocols and handlers

File name	Redirector	Type	Description	Manufacturer	CLSID
Items found - 44, recognized as trusted - 44

Shared resources

Network name	Path	Notes
C$	C:\	Default share
D$	D:\	Default share
F$	F:\	Default share
ADMIN$	C:\Windows	Remote Admin
IPC$		Remote IPC

Background Intelligent Transfer Service (BITS) Jobs

BITS Job ID

Job name

Status

Source URL or file name

Destination file name

Notification program

Suspicious objects

File

Redirector

Description

Type

Attention !!! Database was last updated 06/10/2022 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.63 private build [06.10.2022 18:46:05]
Scanning started at 08.12.2022 12:20:36
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 06.10.2022 16:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 638405
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.19045,  "Windows 10 Home" (Windows 10 Home) x64, install date 08.12.2022 00:08:33 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 157
 Number of modules loaded: 288
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 445, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 08.12.2022 12:21:06
Time of scanning: 00:00:32
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.50,77.88.55.55,5.255.255.80,5.255.255.88", Ping=OK (0,75,77.88.55.50)
  Host="google.ru", IP="142.250.200.35", Ping=OK (0,31,142.250.200.35)
  Host="google.com", IP="172.217.16.238", Ping=OK (0,33,172.217.16.238)
  Host="www.kaspersky.com", IP="185.85.15.47", Ping=OK (0,48,185.85.15.47)
  Host="www.kaspersky.ru", IP="77.74.178.40", Ping=OK (0,86,77.74.178.40)
  Host="dnl-03.geo.kaspersky.com", IP="80.239.197.106", Ping=OK (0,50,80.239.197.106)
  Host="dnl-11.geo.kaspersky.com", IP="193.45.6.10", Ping=OK (0,39,193.45.6.10)
  Host="activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.155.13,217.20.147.1,5.61.23.11", Ping=OK (0,69,217.20.155.13)
  Host="vk.com", IP="93.186.225.194,87.240.132.78,87.240.132.67,87.240.129.133,87.240.132.72,...", Ping=OK (0,58,93.186.225.194)
  Host="vkontakte.ru", IP="87.240.132.72,87.240.132.78,87.240.129.133,87.240.137.164,87.240.132.67,...", Ping=OK (0,54,87.240.132.72)
  Host="twitter.com", IP="104.244.42.129", Ping=OK (0,15,104.244.42.129)
  Host="facebook.com", IP="157.240.221.35", Ping=OK (0,33,157.240.221.35)
  Host="ru-ru.facebook.com", IP="157.240.232.15", Ping=OK (0,36,157.240.232.15)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "Ethernet"
   IPAddress = "192.168.1.64"
   DHCPIPAddress = "192.168.1.64"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "192.168.1.254"
 Network Persistent Routes

System Analysis - complete
Script commands Add commands to script:

Additional operations:

File list