Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\asus\asus_aac_dram\aac3572dramhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	6516	AAC DRAM HAL	Copyright (C) ASUSTeK Computer Inc. 2018-2020	B43283D368998C4C2601E144DD90D1E6	2255,41 kb, rsAh,created: 15.08.2022 10:29:38,modified: 15.08.2022 10:29:38 Command line: "C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe" -Embedding
c:\program files\asus\aacmb\aac3572mbhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	11620	AAC MB HAL	Copyright (C) ASUSTek Computer Inc. 2018-2020	73C2CAD92A04DB1FF05AA560759523DD	816,36 kb, rsAh,created: 24.08.2022 09:55:18,modified: 24.08.2022 09:55:18 Command line: "C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe" -Embedding
c:\program files\asus\aacmb\aac3572mbhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	14168	AAC MB HAL	Copyright (C) ASUSTek Computer Inc. 2018-2020	73C2CAD92A04DB1FF05AA560759523DD	816,36 kb, rsAh,created: 24.08.2022 09:55:18,modified: 24.08.2022 09:55:18 Command line: "C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe" -Embedding
c:\program files\asus\kingston_aac_dram\aackingstondramhal_x64.exe Script: Quarantine, Delete, Delete via BC, Terminate	3996			8B0246FEBB475B421D62F550D12121DC	611,85 kb, rsAh,created: 19.09.2022 17:03:08,modified: 19.09.2022 17:03:08 Command line:
c:\program files\asus\kingston_aac_dram\aackingstondramhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	11236			B5F26D9BCB723189A6CA1A8EFD793E76	491,35 kb, rsAh,created: 19.09.2022 17:02:06,modified: 19.09.2022 17:02:06 Command line: "C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe" -Embedding
c:\program files (x86)\asus\armourydevice\dll\acpowernotification\acpowernotification.exe Script: Quarantine, Delete, Delete via BC, Terminate	7224	AcPowerNotification	Copyright © 2020	FD59B2D58FA73C9B7A99970D1C9C0A43	302,35 kb, rsAh,created: 10.12.2022 16:33:55,modified: 17.10.2022 10:27:08 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe"
c:\programdata\battle.net\agent\agent.8067\agent.exe Script: Quarantine, Delete, Delete via BC, Terminate	16440	Battle.net Update Agent	© 2010-2022 Blizzard Entertainment Inc.	BE4F0EC8BB438EDF7BB92EB0F53443D7	5422,12 kb, rsAh,created: 10.12.2022 17:12:58,modified: 10.12.2022 17:12:59 Command line: "C:\ProgramData\Battle.net\Agent\Agent.8067\Agent.exe" --session=4483989396906260705
c:\program files (x86)\asus\ai suite iii\aisuite3.exe Script: Quarantine, Delete, Delete via BC, Terminate	7212			87DF5DCB05D8089ED9920E26FA0200E7	2109,32 kb, rsAh,created: 11.12.2022 20:15:10,modified: 18.10.2021 11:18:22 Command line: "C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe" -schedule
c:\program files\asus\armoury crate lite service\armourycrate.service.exe Script: Quarantine, Delete, Delete via BC, Terminate	4704	ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.	33B76846D412C77796621D377DF79921	385,61 kb, rsAh,created: 27.09.2022 08:06:40,modified: 27.09.2022 08:06:40 Command line:
c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	6864	ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.	A21D3266FBA3327E2B06359CA30DFAEF	220,61 kb, rsAh,created: 27.09.2022 08:06:46,modified: 27.09.2022 08:06:46 Command line:
c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe Script: Quarantine, Delete, Delete via BC, Terminate	7300	ArmourySocketServer	Copyright (C) 2019	796AD21EDD32E084B064C7F166D643AB	1816,35 kb, rsAh,created: 10.12.2022 16:33:55,modified: 17.10.2022 10:29:54 Command line:
c:\program files (x86)\asus\armourydevice\dll\swagent\armouryswagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	8836	ArmourySwAgent	Copyright © 2021	E96D6748CEFBC96F5C2870E8B55C224B	103,35 kb, rsAh,created: 10.12.2022 16:33:55,modified: 17.10.2022 10:26:54 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe" -s
c:\program files (x86)\asus\ai suite iii\aspowerbar\aspowerbar.exe Script: Quarantine, Delete, Delete via BC, Terminate	14208			A4804E79999EA7D5E11F26248ECD92F0	2165,32 kb, rsAh,created: 11.12.2022 20:15:10,modified: 18.10.2021 11:19:24 Command line: "C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe"
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	9568	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836,43 kb, rsAh,created: 10.12.2022 16:33:25,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" D:\snapshot\AsusFramework\build\src\main\sdk
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	11948	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836,43 kb, rsAh,created: 10.12.2022 16:33:25,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" D:\snapshot\AsusFramework\build\src\main\sdk
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	7472	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836,43 kb, rsAh,created: 10.12.2022 16:33:25,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe"
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	11392	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836,43 kb, rsAh,created: 10.12.2022 16:33:25,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" D:\snapshot\AsusFramework\build\src\main\sdk
c:\program files (x86)\asus\armourydevice\asus_framework.exe Script: Quarantine, Delete, Delete via BC, Terminate	17676	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	01E107B4593C3217E2FF82E57DA46B65	43836,43 kb, rsAh,created: 10.12.2022 16:33:25,modified: 04.11.2022 09:02:14 Command line: "C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe" "C:\Program Files (x86)\ASUS\ArmouryDevice\view\E7C8DA76-C9B9-4297-8681-DD878330AFE7\service.js"
c:\program files (x86)\asus\asuscertservice\asuscertservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2388	AsusCertService.exe	(c) ASUSTek COMPUTER INC. All rights reserved.	1245FC35C73D1F67240AD3E17091E01D	545,02 kb, rsAh,created: 10.12.2022 15:02:24,modified: 19.05.2022 09:49:12 Command line: "C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe"
c:\program files (x86)\asus\asusfancontrolservice\2.03.08\asusfancontrolservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	4736	ASUS Motherboard Fan Control Service	ASUSTeK Computer Inc. All rights reserved.	298968B1B8293C3A3E479D69A79AE79E	1405,02 kb, rsAh,created: 10.12.2022 15:02:58,modified: 06.09.2022 15:01:08 Command line: "C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.08\AsusFanControlService.exe"
c:\windows\system32\asusupdatecheck.exe Script: Quarantine, Delete, Delete via BC, Terminate	4696	AsusUpdateCheck_with_NoDriver	Copyright (C) 2019	301EB5E4A147D08A5BD1EC618FC82062	error getting file info Command line:
c:\program files (x86)\asus\axsp\4.02.15\atkexcomsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	3164	ASUS Com Service	ASUSTeK Computer Inc. All rights reserved.	07321F91BAD9653B4FA737E5C993DE90	457,52 kb, rsAh,created: 10.12.2022 15:02:55,modified: 06.09.2022 15:01:08 Command line: "C:\Program Files (x86)\ASUS\AXSP\4.02.15\atkexComSvc.exe"
c:\users\fbird\appdata\local\temp\nslxj3au.ytr\getsysteminfodllcache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	15284			343ED2D3905CA0C82A4E85217B4033FB	8924,64 kb, rsAh,created: 11.12.2022 20:25:13,modified: 18.10.2022 08:38:44 Command line: "C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe" SpoolLog="C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfo\avz.log" TempFolder="C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfo\AvzTemp"
C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	1272			343ED2D3905CA0C82A4E85217B4033FB	8924,64 kb, rsAh,created: 11.12.2022 20:25:13,modified: 18.10.2022 08:38:44 Command line:
C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	11404			343ED2D3905CA0C82A4E85217B4033FB	8924,64 kb, rsAh,created: 11.12.2022 20:25:13,modified: 18.10.2022 08:38:44 Command line:
C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	4116			343ED2D3905CA0C82A4E85217B4033FB	8924,64 kb, rsAh,created: 11.12.2022 20:25:13,modified: 18.10.2022 08:38:44 Command line:
c:\program files (x86)\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	14560	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	D2D97A7DB225152F15810100F91FA401	1064,62 kb, rsAh,created: 10.12.2022 17:13:16,modified: 10.12.2022 17:13:16 Command line: "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
c:\program files (x86)\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	16740	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	D2D97A7DB225152F15810100F91FA401	1064,62 kb, rsAh,created: 10.12.2022 17:13:16,modified: 10.12.2022 17:13:16 Command line: "C:\Program Files (x86)\Battle.net\Battle.net.exe" --type=gpu-process --field-trial-handle=3208,1682282901688274006,11984740250213409050,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling,OutOfBlinkCors --no-sandbox --log-file="C:\Users\fbird\AppData\Local\Battle.net\Logs\libcef-20221211T192334.669888.log" --log-severity=error --product-version="Battle.net/2.16.5.13894 (retail) Chrome/83.0.4103.106" --lang=de --watch-browser-pid=14560 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\fbird\AppData\Local\Battle.net\Logs\libcef-20221211T192334.669888.log" --mojo-platform-channel-handle=3224 /prefetch:2 --battle-net-helper=Battle.net.13894
c:\program files (x86)\battle.net\battle.net.exe Script: Quarantine, Delete, Delete via BC, Terminate	16768	Battle·net	© 2012-2022 Blizzard Entertainment Inc.	D2D97A7DB225152F15810100F91FA401	1064,62 kb, rsAh,created: 10.12.2022 17:13:16,modified: 10.12.2022 17:13:16 Command line: "C:\Program Files (x86)\Battle.net\Battle.net.exe" --type=utility --field-trial-handle=3208,1682282901688274006,11984740250213409050,131072 --enable-features=CastMediaRouteProvider --disable-features=HardwareMediaKeyHandling,OutOfBlinkCors --lang=de --service-sandbox-type=network --no-sandbox --log-file="C:\Users\fbird\AppData\Local\Battle.net\Logs\libcef-20221211T192334.669888.log" --log-severity=error --product-version="Battle.net/2.16.5.13894 (retail) Chrome/83.0.4103.106" --lang=de --watch-browser-pid=14560 --log-file="C:\Users\fbird\AppData\Local\Battle.net\Logs\libcef-20221211T192334.669888.log" --mojo-platform-channel-handle=4072 /prefetch:8 --battle-net-helper=Battle.net.13894
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	15420	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	15444	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	6748	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	11776	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	12900	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	14868	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	15728	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	16348	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	15292	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	14460	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files (x86)\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	15408	Google Chrome	Copyright 2022 Google LLC. All rights reserved.	5B5B3C9715DCCC9A5D034DFAA3A36B78	3060,27 kb, rsAh,created: 10.12.2022 16:16:10,modified: 07.12.2022 02:36:41 Command line:
c:\program files\daemon tools lite\discsoftbusservicelite.exe Script: Quarantine, Delete, Delete via BC, Terminate	17784	Disc Soft Bus Service Lite	© 2000-2020 Disc Soft Ltd.	4E8A28089597134F7502246864735B36	4912,45 kb, rsAh,created: 11.12.2022 20:17:42,modified: 11.12.2022 20:17:43 Command line:
c:\program files\daemon tools lite\dtagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	17612	DAEMON Tools Lite Agent	Copyright © 2000-2020 Disc Soft Ltd.	B1CA22A022336C823ED0E9023E666F05	399,45 kb, rsAh,created: 11.12.2022 20:17:42,modified: 11.12.2022 20:17:43 Command line:
c:\program files\daemon tools lite\dtshellhlp.exe Script: Quarantine, Delete, Delete via BC, Terminate	2320	DAEMON Tools Shell Extensions Helper	© 2000-2020 Disc Soft Ltd.	C7159D8E7564B53D506839EF8FE0617D	3756,45 kb, rsAh,created: 11.12.2022 20:17:42,modified: 11.12.2022 20:17:43 Command line:
c:\program files\asus\aacextcard\extensioncardhal_x86.exe Script: Quarantine, Delete, Delete via BC, Terminate	7456	ASUS AURA Extension Card HAL	Copyright (C) ASUSTeK Computer Inc. 2018-2020	8165CB4903DF748575A4144245310688	564,47 kb, rsAh,created: 10.02.2022 11:21:22,modified: 10.02.2022 11:21:22 Command line: "C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe" -Embedding
c:\program files (x86)\asus\gamesdk service\gamesdk.exe Script: Quarantine, Delete, Delete via BC, Terminate	4832	GameSDK	Copyright (C) ASUS Tek Computer Inc 2021	AA51980C871FADC3FCFB74C0D117639C	388,23 kb, rsAh,created: 31.05.2022 13:19:42,modified: 31.05.2022 13:19:42 Command line: "C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe"
c:\users\fbird\downloads\gsi-6.2.2.33.exe Script: Quarantine, Delete, Delete via BC, Terminate	1204	Kaspersky Get System Info	© 2018 AO Kaspersky Lab. All Rights Reserved.	B9B243ADCA79925A5C471B2FE27EA660	13408,27 kb, rsAh,created: 11.12.2022 19:23:51,modified: 11.12.2022 19:23:54 Command line: "C:\Users\fbird\Downloads\GSI-6.2.2.33.exe"
c:\users\fbird\appdata\local\temp\xxg.0\gsi.exe Script: Quarantine, Delete, Delete via BC, Terminate	3356	Kaspersky Get System Info	2018 AO Kaspersky Lab. All Rights Reserved.	F4811C1F71D77F793FB07AFD32DA53A5	1328,77 kb, rsAh,created: 11.12.2022 20:24:33,modified: 18.10.2022 08:39:23 Command line: "C:\Users\fbird\AppData\Local\Temp\xxg.0\GSI.exe"
c:\program files (x86)\lightingservice\lightingservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	4840	LightingService	Copyright (C) ASUSTek Computer Inc. 2015-2017	9DE4B2ACED352568A35A9717C75D57D3	3796,85 kb, rsAh,created: 26.09.2022 18:46:32,modified: 26.09.2022 18:46:32 Command line: "C:\Program Files (x86)\LightingService\LightingService.exe"
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14404	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	F2FD6690DAC5C50F3EC2F6CB346A8A7E	3786,41 kb, rsAh,created: 05.08.2021 23:41:46,modified: 08.12.2022 13:19:52 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	19092	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	F2FD6690DAC5C50F3EC2F6CB346A8A7E	3786,41 kb, rsAh,created: 05.08.2021 23:41:46,modified: 08.12.2022 13:19:52 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	18988	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	F2FD6690DAC5C50F3EC2F6CB346A8A7E	3786,41 kb, rsAh,created: 05.08.2021 23:41:46,modified: 08.12.2022 13:19:52 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	15236	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	F2FD6690DAC5C50F3EC2F6CB346A8A7E	3786,41 kb, rsAh,created: 05.08.2021 23:41:46,modified: 08.12.2022 13:19:52 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14508	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	F2FD6690DAC5C50F3EC2F6CB346A8A7E	3786,41 kb, rsAh,created: 05.08.2021 23:41:46,modified: 08.12.2022 13:19:52 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	15220	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	F2FD6690DAC5C50F3EC2F6CB346A8A7E	3786,41 kb, rsAh,created: 05.08.2021 23:41:46,modified: 08.12.2022 13:19:52 Command line:
c:\program files (x86)\microsoft\edge\application\msedge.exe Script: Quarantine, Delete, Delete via BC, Terminate	14408	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.	F2FD6690DAC5C50F3EC2F6CB346A8A7E	3786,41 kb, rsAh,created: 05.08.2021 23:41:46,modified: 08.12.2022 13:19:52 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	20208	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	20408	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	8260	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	17928	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	18284	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	18348	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	17588	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	17584	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	17768	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	17604	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	2888	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe Script: Quarantine, Delete, Delete via BC, Terminate	6620	Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.	8B5F13C50C956DFDD560B3C468077EFD	3336,41 kb, rsAh,created: 10.12.2022 14:55:58,modified: 08.12.2022 13:18:37 Command line:
c:\program files\windowsapps\microsoftteams_22287.702.1670.9453_x64__8wekyb3d8bbwe\msteams.exe Script: Quarantine, Delete, Delete via BC, Terminate	17856	Microsoft Teams	Copyright (C) 2021 Microsoft Corporation. All rights reserved.	8A637964BBE5943EE8154FB4C7D3E712	10018,78 kb, rsAh,created: 11.12.2022 20:11:15,modified: 11.12.2022 20:11:36 Command line:
c:\program files (x86)\asus\armourydevice\dll\mbledsdk\noisecancelingengine.exe Script: Quarantine, Delete, Delete via BC, Terminate	6260	NoiseCancelingEngine	Copyright (C) 2020	DC835C992C6E0498EE7140A75862A309	1225,35 kb, rsAh,created: 10.12.2022 16:37:19,modified: 29.09.2022 17:09:40 Command line:
c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe Script: Quarantine, Delete, Delete via BC, Terminate	4908	Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.	0FB6A6CB71D6F0D28D9C7007E5D1CD5E	336,68 kb, RsAh,created: 11.12.2022 20:17:08,modified: 01.08.2020 17:34:44 Command line:
c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe Script: Quarantine, Delete, Delete via BC, Terminate	6848	Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.	0FB6A6CB71D6F0D28D9C7007E5D1CD5E	336,68 kb, RsAh,created: 11.12.2022 20:17:08,modified: 01.08.2020 17:34:44 Command line:
c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe Script: Quarantine, Delete, Delete via BC, Terminate	12868	NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	6F350196E54F49183693B8AFB39612CE	3264,04 kb, rsAh,created: 10.12.2022 16:48:07,modified: 17.10.2022 07:53:39 Command line:
c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe Script: Quarantine, Delete, Delete via BC, Terminate	13228	NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	6F350196E54F49183693B8AFB39612CE	3264,04 kb, rsAh,created: 10.12.2022 16:48:07,modified: 17.10.2022 07:53:39 Command line:
c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe Script: Quarantine, Delete, Delete via BC, Terminate	4084	NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	6F350196E54F49183693B8AFB39612CE	3264,04 kb, rsAh,created: 10.12.2022 16:48:07,modified: 17.10.2022 07:53:39 Command line:
c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe Script: Quarantine, Delete, Delete via BC, Terminate	11072	NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.	B562E89CA15E65E8040582A1481C1682	28757,05 kb, rsAh,created: 10.12.2022 16:48:06,modified: 13.10.2022 19:05:27 Command line: "C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
c:\program files\nvidia corporation\shadowplay\nvsphelper64.exe Script: Quarantine, Delete, Delete via BC, Terminate	3872	NVIDIA ShadowPlay Helper	(C) 2020 NVIDIA Corporation. All rights reserved.	27BC5D7CCE6446ACA668DBFB9A714FE4	829,05 kb, rsAh,created: 10.12.2022 16:48:08,modified: 17.10.2022 07:25:08 Command line:
c:\users\fbird\appdata\local\microsoft\onedrive\onedrive.exe Script: Quarantine, Delete, Delete via BC, Terminate	14924	Microsoft OneDrive	© Microsoft Corporation. All rights reserved.	57D84697AC70502B19FEE262BFDB6D7E	2564,92 kb, rsAh,created: 10.12.2022 14:58:17,modified: 11.12.2022 15:58:08 Command line:
c:\program files\windowsapps\microsoft.yourphone_1.22092.214.0_x64__8wekyb3d8bbwe\phoneexperiencehost.exe Script: Quarantine, Delete, Delete via BC, Terminate	11560	Microsoft Phone Link	© Microsoft Corporation. All rights reserved.	24FD64C5574C3465B15A3DFB0A922487	484,89 kb, rsAh,created: 24.11.2022 21:30:47,modified: 24.11.2022 21:31:32 Command line:
Registry.exe Script: Quarantine, Delete, Delete via BC, Terminate	168			X	error getting file info Command line:
c:\program files (x86)\asus\rog live service\rogliveservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	4808	ROG Live Service	Copyright (C) 2019	1EEF279EEA63E1F5B3E4182CCCA512DF	6581,11 kb, rsAh,created: 21.09.2022 16:53:30,modified: 21.09.2022 16:53:30 Command line:
c:\program files\speccy\speccy64.exe Script: Quarantine, Delete, Delete via BC, Terminate	20436	Speccy	Copyright Piriform 2005-2020	D41812A78894D4E47DF163DB19D354E6	7459,09 kb, rsAh,created: 14.06.2022 07:51:48,modified: 14.06.2022 07:51:48 Command line:
c:\program files (x86)\steam\steam.exe Script: Quarantine, Delete, Delete via BC, Terminate	16252	Steam	Copyright (C) 2021 Valve Corporation	0B478CFEE9764C3076C9DBD851E75135	4145,85 kb, rsAh,created: 22.03.2022 03:23:12,modified: 01.12.2022 23:46:38 Command line: "C:\Program Files (x86)\Steam\steam.exe" -silent
c:\program files (x86)\common files\steam\steamservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	16784	Steam Client Service	Copyright (C) Valve Corporation	18EC798F702D00E176A9B9C1F1115865	2601,35 kb, rsAh,created: 10.12.2022 16:42:38,modified: 01.12.2022 23:46:38 Command line: "C:\Program Files (x86)\Common Files\Steam\steamservice.exe" /RunAsService
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	19432	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204,85 kb, rsAh,created: 10.12.2022 16:44:40,modified: 01.12.2022 23:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	15868	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204,85 kb, rsAh,created: 10.12.2022 16:44:40,modified: 01.12.2022 23:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	16688	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204,85 kb, rsAh,created: 10.12.2022 16:44:40,modified: 01.12.2022 23:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	16892	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204,85 kb, rsAh,created: 10.12.2022 16:44:40,modified: 01.12.2022 23:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	17048	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204,85 kb, rsAh,created: 10.12.2022 16:44:40,modified: 01.12.2022 23:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	16404	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204,85 kb, rsAh,created: 10.12.2022 16:44:40,modified: 01.12.2022 23:46:42 Command line:
c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	19416	Steam Client WebHelper	Copyright (C) 2014 Valve Corporation	5E3A767DD6FE913F90FF95D5CC033E0C	6204,85 kb, rsAh,created: 10.12.2022 16:44:40,modified: 01.12.2022 23:46:42 Command line:
c:\program files\windowsapps\microsoftwindows.client.webexperience_421.20070.765.0_x64__cw5n1h2txyewy\dashboard\widgets.exe Script: Quarantine, Delete, Delete via BC, Terminate	9256		© Microsoft Corporation. All rights reserved.	17694634783A1A3C904595150808FB3E	1691,75 kb, rsAh,created: 11.12.2022 20:13:12,modified: 11.12.2022 20:13:21 Command line:
c:\windows\syswow64\wbem\wmiprvse.exe Script: Quarantine, Delete, Delete via BC, Terminate	19096	WMI Provider Host	© Microsoft Corporation. All rights reserved.	FC55B651CE2C68109F29B2350598AC44	406,00 kb, rsAh,created: 07.05.2022 06:19:56,modified: 07.05.2022 06:19:56 Command line: C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Detected:231, recognized as trusted 142

Module name	Handle	Description	Copyright	Information	Used by processes
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qgifd.dll Script: Quarantine, Delete, Delete via BC	1602813952	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=D96A5CEA417E344FE00982A7853A6352 76,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicnsd.dll Script: Quarantine, Delete, Delete via BC	1602682880	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=6272E954BD28FB38C17985385D157B5A 100,00 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicod.dll Script: Quarantine, Delete, Delete via BC	1602551808	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=795AE2CA02ABDBAFC14F9943410D9577 77,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qjpegd.dll Script: Quarantine, Delete, Delete via BC	1601830912	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=87B4C668DB6C8673A9F4377612BBD96B 652,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qsvgd.dll Script: Quarantine, Delete, Delete via BC	1601699840	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=F72E32892B5297D591DFB388EF1D9F6B 61,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtgad.dll Script: Quarantine, Delete, Delete via BC	1600913408	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=F1DDBB7A1FF511F507AE0A5BD9BA33C7 61,00 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtiffd.dll Script: Quarantine, Delete, Delete via BC	1600192512	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=E8A11F6A8ED2DC7466A01024CB526EE8 641,00 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwbmpd.dll Script: Quarantine, Delete, Delete via BC	1600061440	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=7E1F72E394017264CC6C975215713F31 59,00 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwebpd.dll Script: Quarantine, Delete, Delete via BC	1599078400	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=700CA714A58469A3B1397B88270FBBD2 914,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\platforms\qwindowsd.dll Script: Quarantine, Delete, Delete via BC	1603272704	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=D57EB2559929563E4E91089233C6D988 3345,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:44	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Cored.dll Script: Quarantine, Delete, Delete via BC	1619066880	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=659AB65833339429CDC8B27839871E0E 10744,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:40	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Guid.dll Script: Quarantine, Delete, Delete via BC	1630273536	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=4B723A292C51873E1993F8E0F2932469 11277,00 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:40	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Svgd.dll Script: Quarantine, Delete, Delete via BC	1601044480	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=82CCABE61685913CB7F8E89F4ED7CE81 555,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Widgetsd.dll Script: Quarantine, Delete, Delete via BC	1609367552	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=62FCD5900996BB7ABCFD054187F2128A 8887,00 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Xmld.dll Script: Quarantine, Delete, Delete via BC	1618673664	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=CEE4A1F4ADBB19882CE5C186A91ED7F1 305,50 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:42	14208
C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\styles\qwindowsvistastyled.dll Script: Quarantine, Delete, Delete via BC	1602945024	C++ Application Development Framework	Copyright (C) 2019 The Qt Company Ltd.	MD5=7A44238A45BA64624E0D2091723ED8DD 297,00 kb, rsAh, created: 11.12.2022 20:15:11, modified: 13.10.2021 14:47:44	14208
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FanInfofromProtocol.dll Script: Quarantine, Delete, Delete via BC	1642594304			MD5=9F12B51E95F698CF8223B09AC15AA4FA 1040,50 kb, rsAh, created: 11.12.2022 20:15:32, modified: 13.10.2021 14:56:28	7212
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\ACLOGGER.dll Script: Quarantine, Delete, Delete via BC	1752694784	AcLogger	Copyright (C) 2021	MD5=AD8B5D3D605A5D1C8187A71D4ED1B9B8 61,85 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:31:52	7224
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOSDK.dll Script: Quarantine, Delete, Delete via BC	1650196480	TODO: <File description>	Copyright (C) 2018	MD5=360210555F16AA09F324CA90F8770768 1263,86 kb, rsAh, created: 10.12.2022 16:37:12, modified: 24.08.2022 16:08:04	11948, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySDK.dll Script: Quarantine, Delete, Delete via BC	1651507200	ArmourySDK.dll	Copyright (C) 2018	MD5=ED8B8E02469D943250415F963FE5BAD1 469,85 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:26:20	11948
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\ArmouryMBLedSDK.dll Script: Quarantine, Delete, Delete via BC	1643708416			MD5=E972FBFE898CEB38C504140D12060FE7 2821,35 kb, rsAh, created: 10.12.2022 16:37:18, modified: 29.09.2022 17:11:58	9568, 11948
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\AcSwFuncSupportTools.dll Script: Quarantine, Delete, Delete via BC	1642004480	TODO: <File description>	Copyright (C) 2022	MD5=7CCCB14FA97DF9B9C25186AB4DB51035 281,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:31:26	8836
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ac_node_addon\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1771569152			MD5=3DCDF9D429639DA41927B9881201CECF 510,00 kb, rsAh, created: 10.12.2022 16:33:26, modified: 01.09.2022 09:47:56	9568, 11948, 7472, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1652162560			MD5=8C1F13C534F03B99216D3661D9D76177 508,00 kb, rsAh, created: 10.12.2022 16:33:26, modified: 01.09.2022 09:47:56	9568, 11948, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\node-system-fonts\build\Release\system-fonts.node Script: Quarantine, Delete, Delete via BC	1711996928			MD5=7803E1BA302BD136521B5C7431FE7345 472,00 kb, rsAh, created: 10.12.2022 16:33:26, modified: 01.09.2022 09:47:56	9568, 11948, 7472, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1652752384			MD5=F6DBED2C49113D2E987B342442B5AADD 498,50 kb, rsAh, created: 10.12.2022 16:33:26, modified: 01.09.2022 09:47:56	9568, 11948, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libglib-2.0-0.dll Script: Quarantine, Delete, Delete via BC	1691156480	GLib	Copyright 1995-2011 Peter Mattis, Spencer Kimball, Josh MacDonald and others.	MD5=0D8A0F42BF590B818CB9CA2A6D3318CC 1446,86 kb, rsAh, created: 10.12.2022 16:33:26, modified: 27.09.2022 14:56:26	9568, 11948, 7472, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libgobject-2.0-0.dll Script: Quarantine, Delete, Delete via BC	1692663808	GObject	Copyright 1998-2011 Tim Janik, Red Hat, Inc. and others	MD5=E2B76F85F925076A0C92DBA22D977F33 255,86 kb, rsAh, created: 10.12.2022 16:33:26, modified: 27.09.2022 14:56:26	9568, 11948, 7472, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libvips-42.dll Script: Quarantine, Delete, Delete via BC	1668218880			MD5=A36ABC4B9D65041FD9F5715F5F8430E0 19819,36 kb, rsAh, created: 10.12.2022 16:33:26, modified: 27.09.2022 14:56:26	9568, 11948, 7472, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\libvips-cpp.dll Script: Quarantine, Delete, Delete via BC	1692991488			MD5=23EB7303CEF753B2F04C1B0D5B411656 318,36 kb, rsAh, created: 10.12.2022 16:33:26, modified: 27.09.2022 14:56:26	9568, 11948, 7472, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\sharp\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1693384704			MD5=7A3651A99C9B034B046717D3525A45B2 312,00 kb, rsAh, created: 10.12.2022 16:33:26, modified: 27.09.2022 14:56:26	9568, 11948, 7472, 11392
C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\usb-detection\prebuilds\win32-ia32\node.napi.node Script: Quarantine, Delete, Delete via BC	1649147904			MD5=486F13C12C51E6E0B210B7279059929B 768,00 kb, rsAh, created: 10.12.2022 16:33:26, modified: 01.09.2022 09:47:56	7472
C:\Program Files (x86)\ASUS\AXSP\4.02.15\AsIO.dll Script: Quarantine, Delete, Delete via BC	1955397632		Copyright (C) 2020	MD5=C5FC4348FC5ABB689E16A415E6616D9F 522,02 kb, rsAh, created: 10.12.2022 15:02:55, modified: 06.09.2022 15:01:08	3164
C:\Program Files (x86)\ASUS\AXSP\4.02.15\ATKEX.dll Script: Quarantine, Delete, Delete via BC	1958871040			MD5=4DEFB35395E469861E1DCA69A3B7E725 85,52 kb, rsAh, created: 10.12.2022 15:02:55, modified: 06.09.2022 15:01:08	3164
C:\Program Files (x86)\ASUS\AXSP\4.02.15\PEbiosinterface32.dll Script: Quarantine, Delete, Delete via BC	268435456			MD5=5F995FA609DC71ECAAD01503E98920E6 50,72 kb, rsAh, created: 10.12.2022 15:02:56, modified: 11.12.2022 20:23:15	3164
C:\Program Files (x86)\ASUS\GameSDK Service\cpprest141_2_10.dll Script: Quarantine, Delete, Delete via BC	1951662080			MD5=39990F5BF0E80B3CB750165B87EACDD3 2552,73 kb, rsAh, created: 31.05.2022 13:19:38, modified: 31.05.2022 13:19:38	4832
C:\Program Files (x86)\Battle.net\Battle.net.13894\Battle.net Helper.dll Script: Quarantine, Delete, Delete via BC	1363673088	Battle.net Browser Helper	© 2012-2022 Blizzard Entertainment Inc.	MD5=5B83D1FFED1A948C19D62ED669CEB453 4166,12 kb, rsAh, created: 10.12.2022 17:13:17, modified: 10.12.2022 17:13:17	16740, 16768
C:\Program Files (x86)\Battle.net\Battle.net.13894\battle.net.dll Script: Quarantine, Delete, Delete via BC	1570045952	Battle.net	© 2012-2022 Blizzard Entertainment Inc.	MD5=80C69CBCD5D940F24BD1A2FC0342CD7C 24787,62 kb, rsAh, created: 10.12.2022 17:13:17, modified: 10.12.2022 17:13:20	14560
C:\Program Files (x86)\Common Files\Steam\SteamService.dll Script: Quarantine, Delete, Delete via BC	1358233600	Steam Client Service Library	Copyright (C) Valve Corporation	MD5=29201977DA13E47538D2F8FC94A6B083 3267,35 kb, rsAh, created: 10.12.2022 16:44:51, modified: 01.12.2022 23:46:38	16784
C:\Program Files (x86)\LightingService\log4cxx.dll Script: Quarantine, Delete, Delete via BC	1941110784	Apache log4cxx	Licensed to the Apache Software Foundation (ASF) under one or morecontributor license agreements. See the NOTICE file distributed withthis work for additional information regarding copyright ownership.The ASF licenses this file to You under the Apache License, Version 2.0(the "License"); you may not use this file except in compliance withthe License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.	MD5=894183AA5B2335CA6AC07709BD158728 2801,52 kb, rsAh, created: 29.04.2022 16:50:18, modified: 29.04.2022 16:50:18	4840
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll Script: Quarantine, Delete, Delete via BC	1702821888			MD5=7B015743537D4A25DE32C8B28F09EE7F 1002,04 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 16:05:50	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node Script: Quarantine, Delete, Delete via BC	1707147264	Downloader module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=DD2EE5737FC44D2A2298749B6630F63C 3684,54 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:36	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node Script: Quarantine, Delete, Delete via BC	1711210496	DriverInstall module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=FD337F667D660BAC5B543D17D929999F 582,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:27	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvABHubAPI.node Script: Quarantine, Delete, Delete via BC	1705836544	AbHubAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=A78A88664B23F92DB072788EEBE0CE0E 371,54 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:27	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node Script: Quarantine, Delete, Delete via BC	1712521216	NvAccountAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=95AC0B09133C30DB9260AFB25DCA2014 531,54 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:28	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node Script: Quarantine, Delete, Delete via BC	1713111040	NVIDIA Backend API for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=6B6D64B0BBE3232EA150B034288C30F5 539,04 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:28	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node Script: Quarantine, Delete, Delete via BC	1665007616	NvCameraAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=A5B99DF6023AC5209C3938A29475B944 1197,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:28	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node Script: Quarantine, Delete, Delete via BC	1666777088	NvGalleryAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=2714A70EC2652097F928F9BA3062D7F8 571,55 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:32	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node Script: Quarantine, Delete, Delete via BC	1705312256	Nvidia GFE node for Gamestream	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=600A9EA2D2C9823A4874F7717FBBB5AA 487,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:32	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node Script: Quarantine, Delete, Delete via BC	1646788608	NvSDKAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=C109A597E0C86600A5672208FBBB920B 2091,04 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:35	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvShadowPlayAPINode.node Script: Quarantine, Delete, Delete via BC	1659043840	NvShadowPlayAPI module for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=BE42C024DC86B552B393CB34D5737476 694,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:35	11072
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node Script: Quarantine, Delete, Delete via BC	1787232256	NVIDIA Utilities for node.js	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=2F8D09390F230144E1D3C457225D298D 454,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:36	11072
C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\NvGfeServiceBridge.dll Script: Quarantine, Delete, Delete via BC	1703870464	NVIDIA Streamer Server Component	(C) 2022 NVIDIA Corporation. All rights reserved.	MD5=638DC600050BCFC5CDAC29703A88FFF2 1352,54 kb, rsAh, created: 10.12.2022 16:48:05, modified: 04.08.2022 07:53:47	11072
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll Script: Quarantine, Delete, Delete via BC	1666252800	NVIDIA Telemetry API	(C) 2022 NVIDIA Corporation. All rights reserved.	MD5=ABACD97967D0B8AA7C2D45B4DC799176 473,62 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:23	11072
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryBridge32.dll Script: Quarantine, Delete, Delete via BC	1664614400	NVIDIA Telemetry Bridge	(C) 2022 NVIDIA Corporation. All rights reserved.	MD5=57F8CC4CDD90B6821ECDEC622DD3156A 333,62 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:23	11072
C:\Program Files (x86)\NVIDIA Corporation\ShadowPlay\IpcCommon.dll Script: Quarantine, Delete, Delete via BC	1653342208	NVIDIA IpcCommon	(C) NVIDIA Corporation. All rights reserved.	MD5=2C29ED7381BD63A72D45B35350E9DF65 751,05 kb, rsAh, created: 10.12.2022 16:48:08, modified: 17.10.2022 07:25:20	11072
C:\Program Files (x86)\NVIDIA Corporation\ShadowPlay\nvspapi.dll Script: Quarantine, Delete, Delete via BC	1654980608	NVIDIA ShadowPlay API	(C) NVIDIA Corporation. All rights reserved.	MD5=94A686BEC105CEBA7D9B7B100923E69F 2007,04 kb, rsAh, created: 10.12.2022 16:48:08, modified: 17.10.2022 07:25:22	11072
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackendAPI32.dll Script: Quarantine, Delete, Delete via BC	1706229760	NVIDIA Backend API	(C) 2020 NVIDIA Corporation. All rights reserved.	MD5=C1459866A7619180D4369F755CF001E0 843,55 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:19	11072
C:\Program Files (x86)\Steam\bin\chromehtml.DLL Script: Quarantine, Delete, Delete via BC	1368129536			MD5=E0CAF5750C904780A70BDE25CEAE0BCC 1270,85 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:38	16252
C:\Program Files (x86)\Steam\bin\filesystem_stdio.DLL Script: Quarantine, Delete, Delete via BC	1370423296	FileSystem_Stdio.dll	Copyright (C) 2005 Valve Corporation	MD5=7AC8E293BDA4ED40DB2F4AF9730BF48A 192,35 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:38	16252
c:\program files (x86)\steam\bin\friendsui.DLL Script: Quarantine, Delete, Delete via BC	179175424	Steam Friends UI	Copyright (C) 2005 Valve Corporation	MD5=50ED1F9874ADDFD508F8592C001497A9 5068,35 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:38	16252
c:\program files (x86)\steam\bin\serverbrowser.DLL Script: Quarantine, Delete, Delete via BC	184418304	Steam Server Browser Library	Copyright (C) 2008 Valve Corporation	MD5=61B815101B45CE3B16CDB21F72ADCE7E 2066,35 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:38	16252
C:\Program Files (x86)\Steam\bin\vgui2_s.DLL Script: Quarantine, Delete, Delete via BC	1369505792	vgui2_s.dll	Copyright (C) 2007 Valve Corporation	MD5=3938B6125091AA5B76B48CC85B97ED7E 819,85 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:40	16252
C:\Program Files (x86)\Steam\crashhandler.dll Script: Quarantine, Delete, Delete via BC	1595932672	Steam Crash Handler Library	Copyright (C) 2010	MD5=930E9BB656F2559E7BA051856C7FA6DF 368,85 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:40	16252
C:\Program Files (x86)\Steam\libavcodec-58.dll Script: Quarantine, Delete, Delete via BC	1380646912			MD5=37ED5037B4CEF56BB5697DD575F3E62E 4314,39 kb, rsAh, created: 10.12.2022 16:44:36, modified: 18.07.2022 17:52:18	16252
C:\Program Files (x86)\Steam\libavformat-58.dll Script: Quarantine, Delete, Delete via BC	1379336192			MD5=956B17A1E7508007823DE8970CBCAACF 1215,89 kb, rsAh, created: 10.12.2022 16:44:36, modified: 18.07.2022 17:52:18	16252
C:\Program Files (x86)\Steam\libavresample-4.dll Script: Quarantine, Delete, Delete via BC	1378680832			MD5=1ADC683960FE451F144FC016AB2868D4 578,39 kb, rsAh, created: 10.12.2022 16:44:36, modified: 18.07.2022 17:52:18	16252
C:\Program Files (x86)\Steam\libavutil-56.dll Script: Quarantine, Delete, Delete via BC	1374748672			MD5=8073FCC89965725B55D8326F509CCC4A 1263,89 kb, rsAh, created: 10.12.2022 16:44:36, modified: 18.07.2022 17:52:18	16252
C:\Program Files (x86)\Steam\libswscale-5.dll Script: Quarantine, Delete, Delete via BC	1373634560			MD5=5D713A62B0940905DD2CA1785FD86FA4 1020,39 kb, rsAh, created: 10.12.2022 16:44:36, modified: 18.07.2022 17:52:18	16252
C:\Program Files (x86)\Steam\SDL2.dll Script: Quarantine, Delete, Delete via BC	1396572160	SDL	Copyright (C) 2022 Sam Lantinga	MD5=7DEBBAEE9B6D3579DD2AC4C11A8D7DC6 1241,85 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 00:56:00	16252
C:\Program Files (x86)\Steam\steamclient.dll Script: Quarantine, Delete, Delete via BC	2014707712	Steamclient.dll	Copyright (C) 2005 Valve Corporation	MD5=C0FA84B1244BE2BBB26964647B953A4E 18458,85 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:40	16252
C:\Program Files (x86)\Steam\steamui.dll Script: Quarantine, Delete, Delete via BC	1398538240	SteamUI Dynamic Link Library	Copyright (C) 2007	MD5=92FF55938B3C05CEB2CF57BBA17989DF 13238,35 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:38	16252
C:\Program Files (x86)\Steam\tier0_s.dll Script: Quarantine, Delete, Delete via BC	1397882880	tier0_s Dynamic Link Library	Copyright (C) 2007	MD5=7DF5032A27455E66458577A7AB63EEEB 336,35 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:42	16252
C:\Program Files (x86)\Steam\video.dll Script: Quarantine, Delete, Delete via BC	1387266048			MD5=10C51D97A1CB42D544725CB1D5455204 3621,35 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:42	16252
C:\Program Files (x86)\Steam\vstdlib_s.dll Script: Quarantine, Delete, Delete via BC	1386676224	vstdlib_ s.dll	Copyright (C) 2005 Valve Corporation	MD5=18F81CE6CC3510ABA3600AC9036B364A 529,85 kb, rsAh, created: 10.12.2022 16:44:41, modified: 01.12.2022 23:46:42	16252
C:\Program Files\ASUS\Aac_AIOFan\AacAIOFanHal_x86.dll Script: Quarantine, Delete, Delete via BC	1935278080	TODO: <File description>	Copyright (C) 2019	MD5=1ED7A027354718C816A7764389DB8350 891,86 kb, rsAh, created: 24.08.2022 15:55:08, modified: 24.08.2022 15:55:08	11392, 4840
C:\Program Files\ASUS\AuraSDK\AuraSdk_x86.dll Script: Quarantine, Delete, Delete via BC	1945894912	AuraSDK	Copyright (C) ASUSTek Computer Inc. 2015-2017	MD5=2DCF3D443C2F244643E41BE1DAE2951A 631,41 kb, rsAh, created: 19.09.2022 17:29:08, modified: 19.09.2022 17:29:08	4840
C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1945632768	RGB HAL	Copyright (C) 2020	MD5=0FB0DB9761C6634ACF55E7CFE9D840D6 228,15 kb, rsAh, created: 03.08.2022 10:00:40, modified: 03.08.2022 10:00:40	4840
C:\Program Files\Norton Security\Engine32\22.20.5.40\symamsi.dll Script: Quarantine, Delete, Delete via BC	1955987456	Symantec AMSI provider	Copyright (c) 2019 Symantec Corporation	MD5=65F004E38E4C0994908BAEF8B58ECAB9 545,48 kb, RsAh, created: 11.12.2022 20:17:10, modified: 01.08.2020 17:13:51	7224, 16440, 9568, 4736, 3164, 15284, 14560, 16252, 19096
C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\BASHDefs\20200717.004\UMEngx86.dll Script: Quarantine, Delete, Delete via BC	2039742464	SONAR Engine	Copyright (C) 2009 - 2019 Symantec Corporation. All rights reserved.	MD5=7D0A1EBFE5D1D5DD5C5FF218A67F9E8A 408,21 kb, rsAh, created: 11.12.2022 20:17:07, modified: 01.08.2020 17:17:39	15284
C:\Program Files\Patriot\Aac_Patriot Viper DRAM RGB\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1948188672	VIPER RGB DRAM HAL	Copyright (C) 2020	MD5=838A4427C6106BBC5CAED49AB2A6D488 289,93 kb, rsAh, created: 13.09.2022 15:06:56, modified: 13.09.2022 15:06:56	4840
C:\Program Files\Patriot\Aac_Patriot Viper DRAM RGB\MsIo32_Patriot.dll Script: Quarantine, Delete, Delete via BC	40501248	MsIo for Patriot	Copyright © 1998-2017, MS	MD5=ECCB3ADE98AD289E2177731014C424F9 78,93 kb, rsAh, created: 13.09.2022 14:56:58, modified: 13.09.2022 14:56:58	4840
C:\Program Files\Patriot\Aac_Patriot Viper M2 SSD RGB\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1945305088	VIPER RGB M.2 SSD HAL	Copyright (C) 2020	MD5=DB679419EA0AE39A2041BE3BB9ACC75E 295,04 kb, rsAh, created: 06.06.2022 15:50:48, modified: 06.06.2022 15:50:48	4840
C:\Program Files\Patriot\Aac_Patriot Viper M2 SSD RGB\VSCmiddlex86.dll Script: Quarantine, Delete, Delete via BC	1947271168			MD5=CFA2DA5423978C37861191BB4BED255A 110,98 kb, rsAh, created: 17.03.2022 12:03:26, modified: 17.03.2022 12:03:26	4840
C:\Program Files\PD\Aac_Universal Holtek RGB DRAM\AacHal_x86.dll Script: Quarantine, Delete, Delete via BC	1938358272	Universal Holtek RGB DRAM HAL	Copyright (C) 2020	MD5=610E9802ED339684AE38E6B7BC2F1487 289,93 kb, rsAh, created: 14.09.2022 11:37:14, modified: 14.09.2022 11:37:14	4840
C:\Program Files\PD\Aac_Universal Holtek RGB DRAM\MsIo32_UH.dll Script: Quarantine, Delete, Delete via BC	42336256	MsIo for Universal Holtek	Copyright © 1998-2018, MS	MD5=F88E122D7AF4F787FADC929AE645417A 80,93 kb, rsAh, created: 13.09.2022 17:20:18, modified: 13.09.2022 17:20:18	4840
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\54c227bf307d6189c1e101923c57de80\PresentationFramework.ni.dll Script: Quarantine, Delete, Delete via BC	1807417344	PresentationFramework.dll	© Microsoft Corporation. All rights reserved.	MD5=1FD2B614D40B41CDFF75B249C5A65C26 20610,00 kb, rsAh, created: 11.12.2022 20:18:03, modified: 11.12.2022 20:18:03	7224
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\9226d02f1fa1a6b94f19ab4a5253496b\PresentationCore.ni.dll Script: Quarantine, Delete, Delete via BC	1831665664	PresentationCore.dll	© Microsoft Corporation. All rights reserved.	MD5=F5EE376682F7C080F5C78DCDADD7008D 12615,00 kb, rsAh, created: 11.12.2022 20:17:58, modified: 11.12.2022 20:17:58	7224
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\f35af71b9a725f2d893e0cb855f65856\System.Configuration.ni.dll Script: Quarantine, Delete, Delete via BC	1785921536	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	MD5=287502BD02ADB82EB0A82364EE8B2279 1035,00 kb, rsAh, created: 11.12.2022 20:17:53, modified: 11.12.2022 20:17:53	7224, 8836, 3356
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\748e726831f362bceb1eed4aa56b7724\System.Core.ni.dll Script: Quarantine, Delete, Delete via BC	1848967168	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=57A54C3A602CAD0B114FBC1A0ED25E98 8277,00 kb, rsAh, created: 11.12.2022 20:17:52, modified: 11.12.2022 20:17:52	7224, 8836, 3356
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\504082b8f12bade8c80f0ed80c3c7aba\System.Drawing.ni.dll Script: Quarantine, Delete, Delete via BC	1768685568	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=69627C960EC88CEA27D651E575876D0C 1657,50 kb, rsAh, created: 11.12.2022 20:17:50, modified: 11.12.2022 20:17:50	7224, 8836, 3356
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\36f35c159590e22559bfcb673c2c40a0\System.Management.ni.dll Script: Quarantine, Delete, Delete via BC	1661599744	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=21A08B9DA8EDC5344E970ED09978C2B2 1205,50 kb, rsAh, created: 11.12.2022 20:17:52, modified: 11.12.2022 20:17:52	7224
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3c28369a9fce2fbae2d50f971bc46aff\System.Windows.Forms.ni.dll Script: Quarantine, Delete, Delete via BC	1753350144	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=D1C8DBEF07F49AD2FAF15CB962A8CED4 14957,50 kb, rsAh, created: 11.12.2022 20:17:53, modified: 11.12.2022 20:17:54	7224, 8836, 3356
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4a37e3b96fc54174bf7e29bf7c8564b\System.Xaml.ni.dll Script: Quarantine, Delete, Delete via BC	1805254656	System.Xaml.dll	© Microsoft Corporation. All rights reserved.	MD5=4B16C967B1F6D292086FE14362220065 2050,50 kb, rsAh, created: 11.12.2022 20:17:50, modified: 11.12.2022 20:17:50	7224
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5b6909511ac835002863faa7fb286842\System.Xml.ni.dll Script: Quarantine, Delete, Delete via BC	1777991680	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=0DA11CA3BB3A4DE5499354B069779287 7586,00 kb, rsAh, created: 11.12.2022 20:17:52, modified: 11.12.2022 20:17:52	7224, 8836, 3356
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8eab095ce7d0b47146979fc29f6b38ff\System.ni.dll Script: Quarantine, Delete, Delete via BC	1857486848	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=9B9F92B275B72AD8D1555044CA494B88 10337,00 kb, rsAh, created: 11.12.2022 20:17:49, modified: 11.12.2022 20:17:49	7224, 8836, 3356
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\159c138a10427c6a1ef900b628a53ef3\WindowsBase.ni.dll Script: Quarantine, Delete, Delete via BC	1844641792	WindowsBase.dll	© Microsoft Corporation. All rights reserved.	MD5=78D0260C3666AD3081D3661715DFDD0F 4192,50 kb, rsAh, created: 11.12.2022 20:17:53, modified: 11.12.2022 20:17:53	7224
C:\WINDOWS\system32\AsIO3.dll Script: Quarantine, Delete, Delete via BC	1944387584		Copyright (C) 2020	MD5=58FDD9C0444734D6EB06B233F7DF4F0A 523,95 kb, rsAh, created: 10.12.2022 15:02:24, modified: 14.06.2022 13:37:54	6516, 11236, 9568, 4736, 7456
Modules found:406, recognized as trusted 308

Kernel Space Modules Viewer

Module	Redirector	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\system32\drivers\MsIo64.sys 18,06 kb, rsAh, created: 10.12.2022 16:36:20, modified: 09.06.2022 00:54:48 Script: Quarantine, Delete, Delete via BC	x64	42270000	00007000 (28672)	MICSYS IO driver	Copyright (c) 2021 MICSYS
C:\WINDOWS\system32\drivers\CtiAIo64.sys 31,56 kb, rsAh, created: 10.12.2022 16:36:26, modified: 10.12.2022 16:36:25 Script: Quarantine, Delete, Delete via BC	x64	42A70000	0000A000 (40960)	CTIA IO driver	Copyright (c) 2021 CTI
C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\BASHDefs\20200717.004\BHDrvx64.sys 1906,23 kb, rsAh, created: 11.12.2022 20:17:07, modified: 01.08.2020 17:17:39 Script: Quarantine, Delete, Delete via BC	x64	43A70000	001DF000 (1961984)	BASH Driver	Copyright (C) 2004 - 2019 Symantec Corporation. All rights reserved.
C:\WINDOWS\system32\drivers\AsIO3.sys 48,10 kb, rsAh, created: 10.12.2022 15:02:24, modified: 15.08.2022 23:40:22 Script: Quarantine, Delete, Delete via BC	x64	43C70000	0000C000 (49152)
C:\WINDOWS\System32\Drivers\dump_dumpstorport.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	5E810000	00011000 (69632)
C:\WINDOWS\System32\drivers\dump_stornvme.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	5E870000	0003B000 (241664)
C:\WINDOWS\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64	5E8D0000	0001E000 (122880)
C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys 47,20 kb, rsAh, created: 26.09.2022 06:36:04, modified: 26.09.2022 06:36:04 Script: Quarantine, Delete, Delete via BC	x64	5F100000	0000D000 (53248)	AMD Ryzen Master Service Driver	Copyright © 2022 AMD, Inc.
Items found - 216, recognized as trusted - 208

Services

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
ArmouryCrateService Service: Stop, Delete, Disable, Delete via BC	ARMOURY CRATE Service	Running	C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe 385,61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC	x64	ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
asComSvc Service: Stop, Delete, Disable, Delete via BC	ASUS Com Service	Running	C:\Program Files (x86)\ASUS\AXSP\4.02.15\atkexComSvc.exe 457,52 kb, rsAh, created: 10.12.2022 15:02:55, modified: 06.09.2022 15:01:08 Script: Quarantine, Delete, Delete via BC	x64	ASUS Com Service	ASUSTeK Computer Inc. All rights reserved.	UIGroup	RPCSS
asus Service: Stop, Delete, Disable, Delete via BC	ASUS Update-Dienst (asus)	Not started	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149,52 kb, rsAh, created: 10.12.2022 15:02:43, modified: 10.12.2022 15:02:42 Script: Quarantine, Delete, Delete via BC	x64	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.		RPCSS
AsusCertService Service: Stop, Delete, Disable, Delete via BC	AsusCertService	Running	C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe 545,02 kb, rsAh, created: 10.12.2022 15:02:24, modified: 19.05.2022 09:49:12 Script: Quarantine, Delete, Delete via BC	x64	AsusCertService.exe	(c) ASUSTek COMPUTER INC. All rights reserved.	Event Log	RPCSS
asusm Service: Stop, Delete, Disable, Delete via BC	ASUS Update-Dienst (asusm)	Not started	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149,52 kb, rsAh, created: 10.12.2022 15:02:43, modified: 10.12.2022 15:02:42 Script: Quarantine, Delete, Delete via BC	x64	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.		RPCSS
AsusUpdateCheck Service: Stop, Delete, Disable, Delete via BC	AsusUpdateCheck	Running	C:\WINDOWS\System32\AsusUpdateCheck.exe 825,45 kb, rsAh, created: 10.12.2022 14:49:28, modified: 11.12.2022 20:23:11 Script: Quarantine, Delete, Delete via BC	x64	AsusUpdateCheck_with_NoDriver	Copyright (C) 2019
Disc Soft Lite Bus Service Service: Stop, Delete, Disable, Delete via BC	Disc Soft Lite Bus Service	Running	C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe 4912,45 kb, rsAh, created: 11.12.2022 20:17:42, modified: 11.12.2022 20:17:43 Script: Quarantine, Delete, Delete via BC	x64	Disc Soft Bus Service Lite	© 2000-2020 Disc Soft Ltd.		RPCSS
FvSvc Service: Stop, Delete, Disable, Delete via BC	NVIDIA FrameView SDK service	Not started	C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe 392,54 kb, rsAh, created: 10.12.2022 16:48:08, modified: 07.09.2022 15:56:16 Script: Quarantine, Delete, Delete via BC	x64		Copyright (C) 2018-2022, NVIDIA CORPORATION. All rights reserved
GameSDK Service Service: Stop, Delete, Disable, Delete via BC	GameSDK Service	Running	C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe 388,23 kb, rsAh, created: 31.05.2022 13:19:42, modified: 31.05.2022 13:19:42 Script: Quarantine, Delete, Delete via BC	x64	GameSDK	Copyright (C) ASUS Tek Computer Inc 2021
GoogleChromeElevationService Service: Stop, Delete, Disable, Delete via BC	Google Chrome Elevation Service (GoogleChromeElevationService)	Not started	C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.99\elevation_service.exe 1681,77 kb, rsAh, created: 10.12.2022 16:27:45, modified: 07.12.2022 02:36:53 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome	Copyright 2022 Google LLC. All rights reserved.		RPCSS
LightingService Service: Stop, Delete, Disable, Delete via BC	LightingService	Running	C:\Program Files (x86)\LightingService\LightingService.exe 3796,85 kb, rsAh, created: 26.09.2022 18:46:32, modified: 26.09.2022 18:46:32 Script: Quarantine, Delete, Delete via BC	x64	LightingService	Copyright (C) ASUSTek Computer Inc. 2015-2017		RPCSS
MicrosoftEdgeElevationService Service: Stop, Delete, Disable, Delete via BC	Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)	Not started	C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\elevation_service.exe 1698,41 kb, rsAh, created: 10.12.2022 14:55:57, modified: 08.12.2022 13:18:38 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.		RPCSS
NortonSecurity Service: Stop, Delete, Disable, Delete via BC	Norton Security	Running	C:\Program Files\Norton Security\Engine\22.20.5.40\NortonSecurity.exe 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC	x64	Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.		RpcSs
nsWscSvc Service: Stop, Delete, Disable, Delete via BC	Norton WSC Service	Running	C:\Program Files\Norton Security\Engine\22.20.5.40\nsWscSvc.exe 1031,34 kb, RsAh, created: 11.12.2022 20:17:09, modified: 01.08.2020 17:27:28 Script: Quarantine, Delete, Delete via BC	x64	Norton Security WSC Service	Copyright (c) 2020 NortonLifeLock Inc. All rights reserved.		RpcSs
ROG Live Service Service: Stop, Delete, Disable, Delete via BC	ROG Live Service	Running	C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe 6581,11 kb, rsAh, created: 21.09.2022 16:53:30, modified: 21.09.2022 16:53:30 Script: Quarantine, Delete, Delete via BC	x64	ROG Live Service	Copyright (C) 2019
Steam Client Service Service: Stop, Delete, Disable, Delete via BC	Steam Client Service	Running	C:\Program Files (x86)\Common Files\Steam\steamservice.exe 2601,35 kb, rsAh, created: 10.12.2022 16:42:38, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC	x64	Steam Client Service	Copyright (C) Valve Corporation
Items found - 285, recognized as trusted - 269

Drivers

Service	Description	Status	File name	Redirector	Description	Manufacturer	Group	Dependencies
AMDRyzenMasterDriverV20 Driver: Unload, Delete, Disable, Delete via BC	AMDRyzenMasterDriverV20	Running	C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys 47,20 kb, rsAh, created: 26.09.2022 06:36:04, modified: 26.09.2022 06:36:04 Script: Quarantine, Delete, Delete via BC	x64	AMD Ryzen Master Service Driver	Copyright © 2022 AMD, Inc.
Asusgio3 Driver: Unload, Delete, Disable, Delete via BC	Asusgio3	Running	C:\WINDOWS\system32\drivers\AsIO3.sys 48,10 kb, rsAh, created: 10.12.2022 15:02:24, modified: 15.08.2022 23:40:22 Script: Quarantine, Delete, Delete via BC	x64
BHDrvx64 Driver: Unload, Delete, Disable, Delete via BC	BHDrvx64	Running	C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\BASHDefs\20200717.004\BHDrvx64.sys 1906,23 kb, rsAh, created: 11.12.2022 20:17:07, modified: 01.08.2020 17:17:39 Script: Quarantine, Delete, Delete via BC	x64	BASH Driver	Copyright (C) 2004 - 2019 Symantec Corporation. All rights reserved.		FltMgr
cpuz154 Driver: Unload, Delete, Disable, Delete via BC	cpuz154	Not started	C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys 40,02 kb, rsAh, created: 11.12.2022 20:04:01, modified: 11.12.2022 20:04:01 Script: Quarantine, Delete, Delete via BC	x64	CPUID Driver	Copyright(C) 2022 CPUID
CTIAIO Driver: Unload, Delete, Disable, Delete via BC	CTIAIO	Running	C:\WINDOWS\system32\drivers\CtiAIo64.sys 31,56 kb, rsAh, created: 10.12.2022 16:36:26, modified: 10.12.2022 16:36:25 Script: Quarantine, Delete, Delete via BC	x64	CTIA IO driver	Copyright (c) 2021 CTI
MSIO Driver: Unload, Delete, Disable, Delete via BC	MSIO	Running	C:\WINDOWS\system32\drivers\MsIo64.sys 18,06 kb, rsAh, created: 10.12.2022 16:36:20, modified: 09.06.2022 00:54:48 Script: Quarantine, Delete, Delete via BC	x64	MICSYS IO driver	Copyright (c) 2021 MICSYS
WinSetupMon Driver: Unload, Delete, Disable, Delete via BC	WinSetupMon	Not started	C:\WINDOWS\system32\DRIVERS\WinSetupMon.sys error getting file info Script: Quarantine, Delete, Delete via BC	x64			FSFilter System	FltMgr
Items found - 415, recognized as trusted - 408

Autoruns

File name	Redirector	Startup method	Description
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, CategoryMessageFile
C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.99\eventlog_provider.dll 16,77 kb, rsAh, created: 10.12.2022 16:27:45, modified: 07.12.2022 02:36:54 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chrome, EventMessageFile
C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.99\eventlog_provider.dll 16,77 kb, rsAh, created: 10.12.2022 16:27:45, modified: 07.12.2022 02:36:54 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chrome, CategoryMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\eventlog_provider.dll 16,41 kb, rsAh, created: 10.12.2022 14:55:57, modified: 08.12.2022 13:19:07 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, EventMessageFile
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\eventlog_provider.dll 16,41 kb, rsAh, created: 10.12.2022 14:55:57, modified: 08.12.2022 13:19:07 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Edge, CategoryMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\msedgeupdate.dll 2087,92 kb, rsAh, created: 10.12.2022 14:55:14, modified: 10.12.2022 14:55:14 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdate, EventMessageFile
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.37\msedgeupdate.dll 2087,92 kb, rsAh, created: 10.12.2022 14:55:14, modified: 10.12.2022 14:55:14 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\edgeupdatem, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, CategoryMessageFile
C:\WINDOWS\system32\perfctrs.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-PerfCtrs, EventMessageFile
C:\Program Files\Norton Security\MUI\22.20.5.40\07\01\rcSvcHst.dll 18,56 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:14:31 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\NortonSecurity, EventMessageFile
C:\Program Files (x86)\Steam\bin\steamservice.exe 2601,35 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service, EventMessageFile
C:\WINDOWS\System32\Drivers\UMDF\UsbccidDriver.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\WINDOWS\UUS\x86\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 3060,27 kb, rsAh, created: 10.12.2022 16:16:10, modified: 07.12.2022 02:36:41 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\fbird\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\fbird\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC	x64	Shortcut in Startup folder	C:\Users\fbird\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\fbird\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk,
C:\Users\fbird\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2564,92 kb, rsAh, created: 10.12.2022 14:58:17, modified: 11.12.2022 15:58:08 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_FC0DC93C963F5CFBBF30C9B37F57ECC9 Delete
C:\Program Files (x86)\Steam\steam.exe 4145,85 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Program Files (x86)\Battle.net\Battle.net.exe 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Battle.net Delete
C:\Program Files\DAEMON Tools Lite\DTAgent.exe 399,45 kb, rsAh, created: 11.12.2022 20:17:42, modified: 11.12.2022 20:17:43 Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, DAEMON Tools Lite Automount Delete
C:\WINDOWS\system32\bootim.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\, BootShell
C:\WINDOWS\System32\win32k.sys error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\System32\OneDriveSetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run, OneDriveSetup Delete
C:\Windows\System32\OneDriveSetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32	Registry key	HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run, OneDriveSetup Delete
C:\Program Files\ASUS\Virtual Pet\Virtual Pet.exe 37497,11 kb, rsAh, created: 10.12.2022 16:40:25, modified: 11.12.2022 16:19:41 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Virtual Pet Delete
C:\Users\fbird\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2564,92 kb, rsAh, created: 10.12.2022 14:58:17, modified: 11.12.2022 15:58:08 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive Delete
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MicrosoftEdgeAutoLaunch_FC0DC93C963F5CFBBF30C9B37F57ECC9 Delete
C:\Program Files (x86)\Steam\steam.exe 4145,85 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam Delete
C:\Program Files (x86)\Battle.net\Battle.net.exe 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Battle.net Delete
C:\Program Files\DAEMON Tools Lite\DTAgent.exe 399,45 kb, rsAh, created: 11.12.2022 20:17:42, modified: 11.12.2022 20:17:43 Script: Quarantine, Delete, Delete via BC	x64	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, DAEMON Tools Lite Automount Delete
Items found - 1127, recognized as trusted - 1095

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Redirector	Type	Description	Manufacturer	CLSID
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\BHO\ie_to_edge_bho.dll 446,41 kb, rsAh, created: 10.12.2022 14:55:57, modified: 08.12.2022 13:19:21 Script: Quarantine, Delete, Delete via BC	x32	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files\Norton Security\Engine32\22.20.5.40\coIEPlg.dll 1110,95 kb, RsAh, created: 11.12.2022 20:17:09, modified: 01.08.2020 17:16:52 Script: Quarantine, Delete, Delete via BC	x32	BHO	coIEPlugIn	Copyright (c) 2020 NortonLifeLock Inc. All rights reserved.	{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Delete
C:\Program Files\Norton Security\Engine32\22.20.5.40\coIEPlg.dll 1110,95 kb, RsAh, created: 11.12.2022 20:17:09, modified: 01.08.2020 17:16:52 Script: Quarantine, Delete, Delete via BC	x32	Toolbar	coIEPlugIn	Copyright (c) 2020 NortonLifeLock Inc. All rights reserved.	{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\BHO\ie_to_edge_bho_64.dll 581,41 kb, rsAh, created: 10.12.2022 14:55:57, modified: 08.12.2022 13:18:53 Script: Quarantine, Delete, Delete via BC	x64	BHO	IEToEdge BHO	Copyright Microsoft Corporation. All rights reserved.	{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} Delete
C:\Program Files\Norton Security\Engine\22.20.5.40\coIEPlg.dll 1475,95 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:16:52 Script: Quarantine, Delete, Delete via BC	x64	BHO	coIEPlugIn	Copyright (c) 2020 NortonLifeLock Inc. All rights reserved.	{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Delete
C:\Program Files\Norton Security\Engine\22.20.5.40\coIEPlg.dll 1475,95 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:16:52 Script: Quarantine, Delete, Delete via BC	x64	Toolbar	coIEPlugIn	Copyright (c) 2020 NortonLifeLock Inc. All rights reserved.	{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Delete
Items found - 8, recognized as trusted - 2

Windows Explorer extension modules

File name	Redirector	Destination	Description	Manufacturer	CLSID
Items found - 76, recognized as trusted - 76

Printing system extensions (print monitors, providers)

File name	Redirector	Name	Type	Description	Manufacturer
Items found - 8, recognized as trusted - 8

Task Scheduler jobs

File name	Redirector	Job name	Description	Manufacturer	Path	Command line
C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe 656,31 kb, rsAh, created: 26.09.2022 06:39:48, modified: 26.09.2022 06:39:48 Script: Quarantine, Delete, Delete via BC	x64	AMDAutoUpdate Script: Delete scheduler task	AMD AutoUpdate	Copyright © 2022	C:\WINDOWS\system32\Tasks\	"C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe"
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe 302,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:27:08 Script: Quarantine, Delete, Delete via BC	x64	AcPowerNotification Script: Delete scheduler task	AcPowerNotification	Copyright © 2020	C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe 1816,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC	x64	ArmourySocketServer Script: Delete scheduler task	ArmourySocketServer	Copyright (C) 2019	C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149,52 kb, rsAh, created: 10.12.2022 15:02:43, modified: 10.12.2022 15:02:42 Script: Quarantine, Delete, Delete via BC	x64	ASUSUpdateTaskMachineCore1d90ca01399a7de Script: Delete scheduler task	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.	C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c
C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe 149,52 kb, rsAh, created: 10.12.2022 15:02:43, modified: 10.12.2022 15:02:42 Script: Quarantine, Delete, Delete via BC	x64	ASUSUpdateTaskMachineUA Script: Delete scheduler task	ASUS Update	Copyright 2019 ASUSTeK Computer Inc.	C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler
C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC	x64	Framework Service Script: Delete scheduler task	ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.	C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe 1225,35 kb, rsAh, created: 10.12.2022 16:37:19, modified: 29.09.2022 17:09:40 Script: Quarantine, Delete, Delete via BC	x64	NoiseCancelingEngine Script: Delete scheduler task	NoiseCancelingEngine	Copyright (C) 2020	C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG error getting file info Script: Quarantine, Delete, Delete via BC	x64	P508PowerAgent_sdk Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
CARRY\P508PowerAgent.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	P508PowerAgent_sdk Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\ASUS\	C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
C:\WINDOWS\System32\MbaeParserTask.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	MNO Metadata Parser Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\	%SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\System32\OOBE\SetupPlatform\SetupPlatform.exe 365,38 kb, rsAh, created: 03.11.2022 21:11:30, modified: 03.11.2022 21:11:30 Script: Quarantine, Delete, Delete via BC	x64	SnapshotCleanupTask Script: Delete scheduler task	SetupPlatform-Modul	© Microsoft Corporation. Alle Rechte vorbehalten.	C:\WINDOWS\system32\Tasks\Microsoft\Windows\Setup\	C:\Windows\System32\OOBE\SetupPlatform\SetupPlatform.exe -removesnapshot
C:\WINDOWS\system32\MusNotification.exe error getting file info Script: Quarantine, Delete, Delete via BC	x64	USO_UxBroker Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\	%systemroot%\system32\MusNotification.exe
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\Installer\setup.exe 3288,91 kb, rsAh, created: 10.12.2022 14:55:58, modified: 10.12.2022 14:55:51 Script: Quarantine, Delete, Delete via BC	x64	MicrosoftEdgeShadowStackRollbackTask Script: Delete scheduler task	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\Installer\setup.exe --handle-crash="$(ProcessPath)"
C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe 114,45 kb, RsAh, created: 11.12.2022 20:17:10, modified: 01.08.2020 17:17:49 Script: Quarantine, Delete, Delete via BC	x64	Norton Security Autofix Script: Delete scheduler task	NortonLifeLock Error Reporting	Copyright © 2020 NortonLifeLock Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\Norton Security\	C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe /ui
C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe 114,45 kb, RsAh, created: 11.12.2022 20:17:10, modified: 01.08.2020 17:17:49 Script: Quarantine, Delete, Delete via BC	x64	Norton Security Error Analyzer Script: Delete scheduler task	NortonLifeLock Error Reporting	Copyright © 2020 NortonLifeLock Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\Norton Security\	C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe /analyze
C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe 114,45 kb, RsAh, created: 11.12.2022 20:17:10, modified: 01.08.2020 17:17:49 Script: Quarantine, Delete, Delete via BC	x64	Norton Security Error Processor Script: Delete scheduler task	NortonLifeLock Error Reporting	Copyright © 2020 NortonLifeLock Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\Norton Security\	C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe /submit
C:\Program Files\Norton Security\Engine\22.20.5.40\WSCStub.exe 629,50 kb, RsAh, created: 11.12.2022 20:17:09, modified: 01.08.2020 17:27:28 Script: Quarantine, Delete, Delete via BC	x64	Norton WSC Integration Script: Delete scheduler task	WSCStub	Copyright (c) 2020 NortonLifeLock Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\	"C:\Program Files\Norton Security\Engine\22.20.5.40\WSCStub.exe" /taskschd
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log 5,58 kb, rsAh, created: 11.12.2022 16:00:30, modified: 11.12.2022 16:00:30 Script: Quarantine, Delete, Delete via BC	x64	NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task			C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvContainer
C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe 3264,04 kb, rsAh, created: 10.12.2022 16:48:07, modified: 17.10.2022 07:52:57 Script: Quarantine, Delete, Delete via BC	x64	NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA GeForce Experience	(C) 2017-2022 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	"C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" WorkingDirectory=C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe 634,55 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:36 Script: Quarantine, Delete, Delete via BC	x64	NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA nodejs launcher	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler WorkingDirectory=C:\Program Files (x86)\NVIDIA Corporation\NvNode
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe 887,55 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA driver profile updater	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\Update Core
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe 887,55 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA driver profile updater	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\Update Core
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617,05 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617,05 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617,05 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 1617,05 kb, rsAh, created: 10.12.2022 16:48:05, modified: 13.10.2022 19:05:20 Script: Quarantine, Delete, Delete via BC	x64	NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} Script: Delete scheduler task	NVIDIA crash and telemetry reporter	(C) 2020 NVIDIA Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe WorkingDirectory=C:\Program Files\NVIDIA Corporation\NvBackend
C:\Users\fbird\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4090,92 kb, rsAh, created: 10.12.2022 14:58:17, modified: 11.12.2022 15:58:08 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Reporting Task-S-1-5-21-2409169652-731570565-4071852904-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
C:\Users\fbird\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 4090,92 kb, rsAh, created: 10.12.2022 14:58:17, modified: 11.12.2022 15:58:08 Script: Quarantine, Delete, Delete via BC	x64	OneDrive Standalone Update Task-S-1-5-21-2409169652-731570565-4071852904-1001 Script: Delete scheduler task	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Items found - 148, recognized as trusted - 120

Namespace providers (NSP)

Manufacturer	Status	EXE file	Redirector	Description	Manufacturer	GUID
Items found - 14, recognized as trusted - 14

Transport protocol providers (TSP, LSP)

Protocol Name	EXE file	Redirector	Description	Manufacturer
Items found - 28, recognized as trusted - 28

TCP/UDP ports

Port	Status	Remote Host	Remote Port	Application	Redirector	Notes	Description	Manufacturer
TCP ports
445	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
1042	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\asus_framework.exe [7472] 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1043	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\asus_framework.exe [7472] 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1236	LISTENING	0.0.0.0	0	c:\windows\system32\asusupdatecheck.exe [4696] 825,45 kb, rsAh, created: 10.12.2022 14:49:28, modified: 11.12.2022 20:23:11 Script: Quarantine, Delete, Delete via BC, Terminate	x64		AsusUpdateCheck_with_NoDriver	Copyright (C) 2019
2869	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
7680	LISTENING	0.0.0.0	0	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
9012	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [7300] 1816,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
9013	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [7300] 1816,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
27036	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [16252] 4145,85 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
45769	LISTENING	0.0.0.0	0	c:\program files\daemon tools lite\discsoftbusservicelite.exe [17784] 4912,45 kb, rsAh, created: 11.12.2022 20:17:42, modified: 11.12.2022 20:17:43 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Disc Soft Bus Service Lite	© 2000-2020 Disc Soft Ltd.
49665	LISTENING	0.0.0.0	0	wininit.exe [896] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49669	LISTENING	0.0.0.0	0	services.exe [976] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
50034	LISTENING	0.0.0.0	0	c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe [4908] 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.
50035	LISTENING	0.0.0.0	0	c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe [4908] 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.
139	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
49677	TIME_WAIT	20.82.217.86	443	[0]	x64
49680	TIME_WAIT	20.54.232.160	443	[0]	x64
49688	TIME_WAIT	35.186.224.25	443	[0]	x64
49706	TIME_WAIT	52.18.152.151	443	[0]	x64
49714	TIME_WAIT	68.232.34.52	443	[0]	x64
49729	TIME_WAIT	40.126.31.70	443	[0]	x64
49732	TIME_WAIT	20.190.159.29	443	[0]	x64
49737	TIME_WAIT	204.79.197.239	443	[0]	x64
49738	TIME_WAIT	52.109.68.99	443	[0]	x64
49740	TIME_WAIT	142.250.180.227	443	[0]	x64
49741	TIME_WAIT	142.251.39.68	443	[0]	x64
49742	TIME_WAIT	20.82.210.154	443	[0]	x64
49743	TIME_WAIT	142.251.208.109	443	[0]	x64
49746	TIME_WAIT	10.0.0.214	8008	[0]	x64
49748	TIME_WAIT	10.0.0.214	8008	[0]	x64
49753	CLOSE_WAIT	37.244.28.21	1119	c:\programdata\battle.net\agent\agent.8067\agent.exe [16440] 5422,12 kb, rsAh, created: 10.12.2022 17:12:58, modified: 10.12.2022 17:12:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle.net Update Agent	© 2010-2022 Blizzard Entertainment Inc.
49772	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49786	ESTABLISHED	20.199.120.85	443	c:\users\fbird\appdata\local\microsoft\onedrive\onedrive.exe [14924] 2564,92 kb, rsAh, created: 10.12.2022 14:58:17, modified: 11.12.2022 15:58:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft OneDrive	© Microsoft Corporation. All rights reserved.
49787	TIME_WAIT	13.105.28.32	443	[0]	x64
49792	ESTABLISHED	37.244.55.151	1119	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49796	TIME_WAIT	142.251.208.131	443	[0]	x64
49801	ESTABLISHED	10.0.0.214	8009	c:\program files (x86)\microsoft\edge\application\msedge.exe [14404] 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
49806	ESTABLISHED	10.0.0.214	8009	c:\program files (x86)\google\chrome\application\chrome.exe [15420] 3060,27 kb, rsAh, created: 10.12.2022 16:16:10, modified: 07.12.2022 02:36:41 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2022 Google LLC. All rights reserved.
49811	TIME_WAIT	20.223.237.241	443	[0]	x64
49831	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49833	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49835	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49836	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49838	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49839	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49841	ESTABLISHED	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49842	CLOSE_WAIT	24.105.29.76	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49848	TIME_WAIT	20.42.65.85	443	[0]	x64
49849	TIME_WAIT	20.42.65.85	443	[0]	x64
49852	CLOSE_WAIT	37.244.28.187	443	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49858	TIME_WAIT	52.113.194.132	443	[0]	x64
49864	TIME_WAIT	52.113.194.132	443	[0]	x64
49865	TIME_WAIT	51.141.10.83	443	[0]	x64
49868	ESTABLISHED	13.69.48.193	443	c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe [17584] 3336,41 kb, rsAh, created: 10.12.2022 14:55:58, modified: 08.12.2022 13:18:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.
49869	TIME_WAIT	40.68.77.210	443	[0]	x64
49875	TIME_WAIT	13.89.179.8	443	[0]	x64
49878	TIME_WAIT	20.150.43.132	443	[0]	x64
49884	TIME_WAIT	142.251.39.74	443	[0]	x64
49893	ESTABLISHED	155.133.226.78	27020	c:\program files (x86)\steam\steam.exe [16252] 4145,85 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
49912	TIME_WAIT	142.251.39.48	443	[0]	x64
49917	TIME_WAIT	204.79.197.203	443	[0]	x64
49920	TIME_WAIT	13.107.21.200	443	[0]	x64
49924	TIME_WAIT	99.86.240.98	443	[0]	x64
49925	TIME_WAIT	20.82.210.154	443	[0]	x64
49928	TIME_WAIT	2.18.79.141	443	[0]	x64
49931	TIME_WAIT	2.18.79.144	443	[0]	x64
49936	TIME_WAIT	142.250.201.206	443	[0]	x64
49937	TIME_WAIT	149.154.167.99	443	[0]	x64
49938	TIME_WAIT	149.154.167.99	443	[0]	x64
49939	TIME_WAIT	13.69.109.131	443	[0]	x64
49940	TIME_WAIT	13.69.109.131	443	[0]	x64
49941	ESTABLISHED	149.154.167.99	443	c:\program files (x86)\google\chrome\application\chrome.exe [15420] 3060,27 kb, rsAh, created: 10.12.2022 16:16:10, modified: 07.12.2022 02:36:41 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2022 Google LLC. All rights reserved.
49945	TIME_WAIT	192.124.249.126	443	[0]	x64
49947	TIME_WAIT	142.251.208.170	443	[0]	x64
49948	TIME_WAIT	152.199.20.80	443	[0]	x64
49949	TIME_WAIT	152.199.20.80	443	[0]	x64
49952	TIME_WAIT	52.18.152.151	443	[0]	x64
49960	TIME_WAIT	161.35.212.100	443	[0]	x64
49967	TIME_WAIT	3.208.227.180	443	[0]	x64
49970	TIME_WAIT	204.79.197.239	443	[0]	x64
49971	TIME_WAIT	142.251.208.131	443	[0]	x64
49974	TIME_WAIT	10.0.0.138	52869	[0]	x64
49978	TIME_WAIT	10.0.0.138	52869	[0]	x64
49985	TIME_WAIT	10.0.0.138	52869	[0]	x64
49998	TIME_WAIT	10.0.0.138	52869	[0]	x64
50009	TIME_WAIT	13.107.21.239	443	[0]	x64
50011	ESTABLISHED	142.251.39.3	80	c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe [4908] 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.
50012	ESTABLISHED	2.18.79.142	80	c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe [4908] 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.
50015	ESTABLISHED	23.96.112.38	443	c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe [4908] 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.
50016	ESTABLISHED	142.251.39.78	80	c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe [4908] 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.
50017	TIME_WAIT	142.251.39.78	443	[0]	x64
50020	ESTABLISHED	2.18.36.120	80	c:\program files\norton security\engine\22.20.5.40\nortonsecurity.exe [4908] 336,68 kb, RsAh, created: 11.12.2022 20:17:08, modified: 01.08.2020 17:34:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Norton Security	Copyright (c) 2020 Symantec Corporation. All rights reserved.
50021	TIME_WAIT	104.16.248.249	443	[0]	x64
50022	TIME_WAIT	104.16.248.249	443	[0]	x64
50075	ESTABLISHED	13.90.213.204	80	c:\program files\speccy\speccy64.exe [20436] 7459,09 kb, rsAh, created: 14.06.2022 07:51:48, modified: 14.06.2022 07:51:48 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Speccy	Copyright Piriform 2005-2020
50086	ESTABLISHED	10.0.0.214	8008	c:\program files (x86)\microsoft\edge\application\msedge.exe [14404] 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50087	ESTABLISHED	10.0.0.214	8008	c:\program files (x86)\google\chrome\application\chrome.exe [15420] 3060,27 kb, rsAh, created: 10.12.2022 16:16:10, modified: 07.12.2022 02:36:41 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2022 Google LLC. All rights reserved.
50096	ESTABLISHED	142.251.208.170	443	c:\program files (x86)\google\chrome\application\chrome.exe [15420] 3060,27 kb, rsAh, created: 10.12.2022 16:16:10, modified: 07.12.2022 02:36:41 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2022 Google LLC. All rights reserved.
50099	TIME_WAIT	204.79.197.203	443	[0]	x64
50101	TIME_WAIT	204.79.197.203	443	[0]	x64
50102	TIME_WAIT	204.79.197.203	443	[0]	x64
50104	TIME_WAIT	13.107.21.200	443	[0]	x64
50105	TIME_WAIT	2.18.79.135	443	[0]	x64
50108	ESTABLISHED	204.79.197.239	443	c:\program files (x86)\microsoft\edge\application\msedge.exe [14404] 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
50109	TIME_WAIT	20.190.159.29	443	[0]	x64
50119	ESTABLISHED	2.23.97.10	443	c:\program files (x86)\steam\steam.exe [16252] 4145,85 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
50120	ESTABLISHED	13.89.179.8	443	c:\users\fbird\appdata\local\microsoft\onedrive\onedrive.exe [14924] 2564,92 kb, rsAh, created: 10.12.2022 14:58:17, modified: 11.12.2022 15:58:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft OneDrive	© Microsoft Corporation. All rights reserved.
50122	ESTABLISHED	40.68.77.210	443	c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe [17584] 3336,41 kb, rsAh, created: 10.12.2022 14:55:58, modified: 08.12.2022 13:18:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.
50123	ESTABLISHED	13.69.48.193	443	c:\program files (x86)\microsoft\edgewebview\application\108.0.1462.46\msedgewebview2.exe [17584] 3336,41 kb, rsAh, created: 10.12.2022 14:55:58, modified: 08.12.2022 13:18:37 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge WebView2	Copyright Microsoft Corporation. All rights reserved.
50126	TIME_WAIT	52.137.110.235	443	[0]	x64
50128	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50129	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50130	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50131	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50132	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50133	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50134	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50135	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50136	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50137	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50138	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50139	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50140	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50141	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50142	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50143	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50144	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50145	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50146	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50147	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50148	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50149	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50150	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50151	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50152	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50153	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50154	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50155	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50156	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50157	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50158	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50159	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50160	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50161	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50162	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50163	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50164	ESTABLISHED	23.64.53.158	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50165	ESTABLISHED	51.104.167.186	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50166	ESTABLISHED	51.104.167.48	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50167	ESTABLISHED	20.191.46.109	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
50168	ESTABLISHED	20.191.46.211	443	C:\Users\fbird\AppData\Local\Temp\nslxj3au.ytr\GetSystemInfoDllCache\avz\avz.exe [1272] 8924,64 kb, rsAh, created: 11.12.2022 20:25:13, modified: 18.10.2022 08:38:44 Script: Quarantine, Delete, Delete via BC, Terminate	x64
1042	ESTABLISHED	127.0.0.1	49690	c:\program files (x86)\asus\armourydevice\asus_framework.exe [7472] 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1042	ESTABLISHED	127.0.0.1	49698	c:\program files (x86)\asus\armourydevice\asus_framework.exe [7472] 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1042	ESTABLISHED	127.0.0.1	49821	c:\program files (x86)\asus\armourydevice\asus_framework.exe [7472] 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
1120	LISTENING	0.0.0.0	0	c:\programdata\battle.net\agent\agent.8067\agent.exe [16440] 5422,12 kb, rsAh, created: 10.12.2022 17:12:58, modified: 10.12.2022 17:12:59 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle.net Update Agent	© 2010-2022 Blizzard Entertainment Inc.
1120	TIME_WAIT	127.0.0.1	49944	[0]	x64
1120	TIME_WAIT	127.0.0.1	49946	[0]	x64
1120	TIME_WAIT	127.0.0.1	49950	[0]	x64
1120	TIME_WAIT	127.0.0.1	49954	[0]	x64
1120	TIME_WAIT	127.0.0.1	49962	[0]	x64
1120	TIME_WAIT	127.0.0.1	49966	[0]	x64
1120	TIME_WAIT	127.0.0.1	49968	[0]	x64
1120	TIME_WAIT	127.0.0.1	49969	[0]	x64
1120	TIME_WAIT	127.0.0.1	49990	[0]	x64
1120	TIME_WAIT	127.0.0.1	49992	[0]	x64
1120	TIME_WAIT	127.0.0.1	49993	[0]	x64
1120	TIME_WAIT	127.0.0.1	49994	[0]	x64
1120	TIME_WAIT	127.0.0.1	50010	[0]	x64
1120	TIME_WAIT	127.0.0.1	50018	[0]	x64
1120	TIME_WAIT	127.0.0.1	50033	[0]	x64
1120	TIME_WAIT	127.0.0.1	50054	[0]	x64
1120	TIME_WAIT	127.0.0.1	50072	[0]	x64
1120	TIME_WAIT	127.0.0.1	50076	[0]	x64
1120	TIME_WAIT	127.0.0.1	50077	[0]	x64
1120	TIME_WAIT	127.0.0.1	50078	[0]	x64
1120	TIME_WAIT	127.0.0.1	50079	[0]	x64
1120	TIME_WAIT	127.0.0.1	50080	[0]	x64
1120	TIME_WAIT	127.0.0.1	50081	[0]	x64
1120	TIME_WAIT	127.0.0.1	50082	[0]	x64
1120	TIME_WAIT	127.0.0.1	50088	[0]	x64
1120	TIME_WAIT	127.0.0.1	50089	[0]	x64
1120	TIME_WAIT	127.0.0.1	50095	[0]	x64
1120	TIME_WAIT	127.0.0.1	50106	[0]	x64
1120	TIME_WAIT	127.0.0.1	50112	[0]	x64
1120	TIME_WAIT	127.0.0.1	50113	[0]	x64
1120	TIME_WAIT	127.0.0.1	50114	[0]	x64
1120	TIME_WAIT	127.0.0.1	50115	[0]	x64
1120	TIME_WAIT	127.0.0.1	50116	[0]	x64
1120	TIME_WAIT	127.0.0.1	50117	[0]	x64
1120	TIME_WAIT	127.0.0.1	50118	[0]	x64
1120	TIME_WAIT	127.0.0.1	50121	[0]	x64
1120	TIME_WAIT	127.0.0.1	50124	[0]	x64
1120	TIME_WAIT	127.0.0.1	50125	[0]	x64
1120	TIME_WAIT	127.0.0.1	50127	[0]	x64
1120	TIME_WAIT	127.0.0.1	50169	[0]	x64
1120	TIME_WAIT	127.0.0.1	50173	[0]	x64
1120	TIME_WAIT	127.0.0.1	50176	[0]	x64
1120	TIME_WAIT	127.0.0.1	50177	[0]	x64
1120	TIME_WAIT	127.0.0.1	50178	[0]	x64
1120	TIME_WAIT	127.0.0.1	50179	[0]	x64
1120	TIME_WAIT	127.0.0.1	50180	[0]	x64
9012	ESTABLISHED	127.0.0.1	49670	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [7300] 1816,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
9013	ESTABLISHED	127.0.0.1	49823	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [7300] 1816,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
13010	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.service.exe [4704] 385,61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
13030	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\rog live service\rogliveservice.exe [4808] 6581,11 kb, rsAh, created: 21.09.2022 16:53:30, modified: 21.09.2022 16:53:30 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ROG Live Service	Copyright (C) 2019
13031	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [6864] 220,61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
13032	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [6864] 220,61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
17532	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.service.exe [4704] 385,61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
17532	ESTABLISHED	127.0.0.1	49722	c:\program files\asus\armoury crate lite service\armourycrate.service.exe [4704] 385,61 kb, rsAh, created: 27.09.2022 08:06:40, modified: 27.09.2022 08:06:40 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE Service	©ASUSTeK Computer Inc.All rights reserved.
17945	LISTENING	0.0.0.0	0	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [6864] 220,61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
22112	LISTENING	0.0.0.0	0	c:\program files (x86)\asus\rog live service\rogliveservice.exe [4808] 6581,11 kb, rsAh, created: 21.09.2022 16:53:30, modified: 21.09.2022 16:53:30 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ROG Live Service	Copyright (C) 2019
22885	LISTENING	0.0.0.0	0	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
27060	LISTENING	0.0.0.0	0	c:\program files (x86)\steam\steam.exe [16252] 4145,85 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
27339	LISTENING	0.0.0.0	0	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64
49670	ESTABLISHED	127.0.0.1	9012	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [6864] 220,61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
49690	ESTABLISHED	127.0.0.1	1042	c:\program files (x86)\asus\armourydevice\dll\acpowernotification\acpowernotification.exe [7224] 302,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:27:08 Script: Quarantine, Delete, Delete via BC, Terminate	x64		AcPowerNotification	Copyright © 2020
49693	LISTENING	0.0.0.0	0	c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe [11072] 28757,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:27 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.
49693	TIME_WAIT	127.0.0.1	49697	[0]	x64
49693	TIME_WAIT	127.0.0.1	49710	[0]	x64
49693	TIME_WAIT	127.0.0.1	49712	[0]	x64
49693	TIME_WAIT	127.0.0.1	49713	[0]	x64
49693	TIME_WAIT	127.0.0.1	49715	[0]	x64
49693	ESTABLISHED	127.0.0.1	49716	c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe [11072] 28757,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:27 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.
49693	TIME_WAIT	127.0.0.1	49717	[0]	x64
49698	ESTABLISHED	127.0.0.1	1042	c:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe [7300] 1816,35 kb, rsAh, created: 10.12.2022 16:33:55, modified: 17.10.2022 10:29:54 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ArmourySocketServer	Copyright (C) 2019
49716	ESTABLISHED	127.0.0.1	49693	c:\program files\nvidia corporation\nvidia geforce experience\nvidia share.exe [4084] 3264,04 kb, rsAh, created: 10.12.2022 16:48:07, modified: 17.10.2022 07:53:39 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Share	(C) 2017-2022 NVIDIA Corporation. All rights reserved.
49722	ESTABLISHED	127.0.0.1	17532	c:\program files\asus\armoury crate lite service\armourycrate.usersessionhelper.exe [6864] 220,61 kb, rsAh, created: 27.09.2022 08:06:46, modified: 27.09.2022 08:06:46 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ARMOURY CRATE User Session Helper	©ASUSTeK Computer Inc.All rights reserved.
49773	ESTABLISHED	127.0.0.1	49774	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49774	ESTABLISHED	127.0.0.1	49773	c:\program files (x86)\battle.net\battle.net.exe [14560] 1064,62 kb, rsAh, created: 10.12.2022 17:13:16, modified: 10.12.2022 17:13:16 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Battle·net	© 2012-2022 Blizzard Entertainment Inc.
49821	ESTABLISHED	127.0.0.1	1042	c:\program files (x86)\asus\armourydevice\asus_framework.exe [17676] 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
49823	ESTABLISHED	127.0.0.1	9013	c:\program files (x86)\asus\armourydevice\asus_framework.exe [17676] 43836,43 kb, rsAh, created: 10.12.2022 16:33:25, modified: 04.11.2022 09:02:14 Script: Quarantine, Delete, Delete via BC, Terminate	x64		ASUS NodeJS Web Framework	Copyright Node.js contributors. MIT license.
UDP ports
5353	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [15292] 3060,27 kb, rsAh, created: 10.12.2022 16:16:10, modified: 07.12.2022 02:36:41 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2022 Google LLC. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\google\chrome\application\chrome.exe [15292] 3060,27 kb, rsAh, created: 10.12.2022 16:16:10, modified: 07.12.2022 02:36:41 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Google Chrome	Copyright 2022 Google LLC. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [15220] 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
5353	LISTENING	--	--	c:\program files (x86)\microsoft\edge\application\msedge.exe [15220] 3786,41 kb, rsAh, created: 05.08.2021 23:41:46, modified: 08.12.2022 13:19:52 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Microsoft Edge	Copyright Microsoft Corporation. All rights reserved.
27036	LISTENING	--	--	c:\program files (x86)\steam\steam.exe [16252] 4145,85 kb, rsAh, created: 22.03.2022 03:23:12, modified: 01.12.2022 23:46:38 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Steam	Copyright (C) 2021 Valve Corporation
45769	LISTENING	--	--	c:\program files\daemon tools lite\discsoftbusservicelite.exe [17784] 4912,45 kb, rsAh, created: 11.12.2022 20:17:42, modified: 11.12.2022 20:17:43 Script: Quarantine, Delete, Delete via BC, Terminate	x64		Disc Soft Bus Service Lite	© 2000-2020 Disc Soft Ltd.
137	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
138	LISTENING	--	--	System [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate	x64	Microsoft NET
10010	LISTENING	--	--	c:\program files (x86)\nvidia corporation\nvnode\nvidia web helper.exe [11072] 28757,05 kb, rsAh, created: 10.12.2022 16:48:06, modified: 13.10.2022 19:05:27 Script: Quarantine, Delete, Delete via BC, Terminate	x64		NVIDIA Web Helper Service	Copyright Node.js contributors. MIT license.
Items found - 272, recognized as trusted - 32

Downloaded Program Files (DPF)

File name	Redirector	Description	Manufacturer	CLSID	Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name	Redirector	Description	Manufacturer
Items found - 34, recognized as trusted - 34

Active Setup

File name	Redirector	Description	Manufacturer	CLSID
C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32			{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe error getting file info Script: Quarantine, Delete, Delete via BC	x32			{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.99\Installer\chrmstp.exe 4113,27 kb, rsAh, created: 10.12.2022 16:27:45, modified: 10.12.2022 16:27:38 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome Installer	Copyright 2022 Google LLC. All rights reserved.	{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\Installer\setup.exe 3288,91 kb, rsAh, created: 10.12.2022 14:55:58, modified: 10.12.2022 14:55:51 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.99\Installer\chrmstp.exe 4113,27 kb, rsAh, created: 10.12.2022 16:27:45, modified: 10.12.2022 16:27:38 Script: Quarantine, Delete, Delete via BC	x64	Google Chrome Installer	Copyright 2022 Google LLC. All rights reserved.	{8A69D345-D564-463c-AFF1-A69D9E530F96} Delete
C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\Installer\setup.exe 3288,91 kb, rsAh, created: 10.12.2022 14:55:58, modified: 10.12.2022 14:55:51 Script: Quarantine, Delete, Delete via BC	x64	Microsoft Edge Installer	Copyright Microsoft Corporation. All rights reserved.	{9459C573-B17A-45AE-9F64-1857B5D58CEE} Delete
Items found - 24, recognized as trusted - 18

HOSTS file

Hosts file record

Protocols and handlers

File name	Redirector	Type	Description	Manufacturer	CLSID
Items found - 38, recognized as trusted - 38

Shared resources

Network name	Path	Notes
IPC$		Remote-IPC
ADMIN$	C:\WINDOWS	Remoteverwaltung
D$	D:\	Standardfreigabe
C$	C:\	Standardfreigabe

Background Intelligent Transfer Service (BITS) Jobs

BITS Job ID	Job name	Status	Source URL or file name	Destination file name	Notification program
{7051596F-E1CC-44E9-A756-8EBB21D4DAA1}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c78f9967-7a8c-44b0-ad94-732b63c89638?P1=1671138538&P2=404&P3=2&P4=A%2f%2bb2O2VaoO%2b7dW7zoWNEO9oFYl4kTAykPWQ7yowEPrzhwIaMfbcebo%2b5x%2fHSTdzFtcKRxwtFTaMb%2fx1gmgwYg%3d%3d	C:\Users\fbird\AppData\Local\Temp\edge_BITS_1856_1398478670\c78f9967-7a8c-44b0-ad94-732b63c89638
{A71C020E-02F8-41D1-B267-A89C7C831A72}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b22f5f18-f7ea-4290-929d-b13c03908334?P1=1671137397&P2=404&P3=2&P4=GX0AD%2fhWtSsMNy52S80uuPPIW8NiD4gZCOd7wEFqqGJIL1weBxFsRsHAFIOS8raM0zyHrpAn5EsVCxwH%2fhInuA%3d%3d	C:\Users\fbird\AppData\Local\Temp\edge_BITS_18660_629835623\b22f5f18-f7ea-4290-929d-b13c03908334
{703AD412-826B-4714-A9E5-99D42A5FD192}	Edge Component Updater	TRANSFERRED	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/f08b21db-8a96-416f-86dc-4301cb9925a1?P1=1671140866&P2=404&P3=2&P4=iSNaSkvn3R%2fJ59Hxk4AouLT2bnLzrw4zVldTCtlMczsMgePSLjIsKaN4wIQiNqUEUkO5eJ6EFu9zA8p8YPrVWQ%3d%3d	C:\Users\fbird\AppData\Local\Temp\edge_BITS_8412_707652845\f08b21db-8a96-416f-86dc-4301cb9925a1

Suspicious objects

File

Redirector

Description

Type

Attention !!! Database was last updated 06.10.2022 it is necessary to update the database (via File - Database update)
AVZ Toolkit log; AVZ version is 5.63 private build [06.10.2022 18:46:05]
Scanning started at 11.12.2022 20:25:17
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 06.10.2022 16:00
Heuristic microprograms loaded: 417
PVS microprograms loaded: 10
Digital signatures of system files loaded: 638405
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.22621,  "Windows 10 Pro" (Windows 10 Pro) x64, install date 11.12.2022 19:54:34 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 211
Extended process analysis: 2388 C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
[ES]:Application has no visible windows
Extended process analysis: 3164 C:\Program Files (x86)\ASUS\AXSP\4.02.15\atkexComSvc.exe
[ES]:Application has no visible windows
Extended process analysis: 4832 C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 7224 C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 7456 C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
[ES]:Application has no visible windows
Extended process analysis: 11236 C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
[ES]:Application has no visible windows
Extended process analysis: 11620 C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
[ES]:Application has no visible windows
Extended process analysis: 8836 C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
[ES]:Application has no visible windows
Extended process analysis: 14168 C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
[ES]:Application has no visible windows
 Number of modules loaded: 406
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remotedesktopdienste)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 617, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 11.12.2022 20:25:48
Time of scanning: 00:00:32
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.88,5.255.255.70,77.88.55.60,5.255.255.77", Ping=OK (0,59,77.88.55.88)
  Host="google.ru", IP="142.251.39.3", Ping=OK (0,9,142.251.39.3)
  Host="google.com", IP="142.250.201.206", Ping=OK (0,9,142.250.201.206)
  Host="www.kaspersky.com", IP="185.85.15.46", Ping=OK (0,102,185.85.15.46)
  Host="www.kaspersky.ru", IP="77.74.178.40", Ping=OK (0,44,77.74.178.40)
  Host="dnl-03.geo.kaspersky.com", IP="195.27.253.5", Ping=OK (0,38,195.27.253.5)
  Host="dnl-11.geo.kaspersky.com", IP="81.19.104.79", Ping=OK (0,16,81.19.104.79)
  Host="activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="5.61.23.11,217.20.147.1,217.20.155.13", Ping=OK (0,76,5.61.23.11)
  Host="vk.com", IP="87.240.132.67,93.186.225.194,87.240.129.133,87.240.132.78,87.240.132.72,...", Ping=OK (0,41,87.240.132.67)
  Host="vkontakte.ru", IP="87.240.132.67,87.240.132.78,87.240.129.133,93.186.225.194,87.240.137.164,...", Ping=OK (0,42,87.240.132.67)
  Host="twitter.com", IP="104.244.42.193", Ping=OK (0,17,104.244.42.193)
  Host="facebook.com", IP="31.13.84.36", Ping=OK (0,5,31.13.84.36)
  Host="ru-ru.facebook.com", IP="31.13.84.8", Ping=OK (0,29,31.13.84.8)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
  Interface: "WLAN"
   IPAddress = "10.0.0.235"
   DHCPIPAddress = "10.0.0.235"
   SubnetMask = "255.255.255.0"
   DHCPSubnetMask = "255.255.255.0"
   DefaultGateway = ""
   NameServer = ""
   Domain = ""
   DhcpServer = "10.0.0.138"
 Network Persistent Routes

System Analysis - complete
Script commands Add commands to script:

Additional operations:

File list