Start:: SystemRestore: On CreateRestorePoint: CloseProcesses: HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1 C:\Users\diego\AppData\Roaming\Mozilla\Firefox\Profiles\vae7yv4k.default-release\Extensions\browsec@browsec.com.xpi 2026-06-23 22:35 - 2026-06-23 22:35 - 000000000 ____D C:\Users\diego\AppData\Roaming\RenPy PowerShell: Remove-MpPreference -ExclusionPath "C:\Games" PowerShell: Remove-MpPreference -ExclusionPath "D:\Games" PowerShell: Remove-MpPreference -ExclusionPath "C:\Windows\SystemTemp\JackettUpdate-v0.24.504-639020239082305230" PowerShell: Remove-MpPreference -ExclusionPath "C:\Windows\SystemTemp\JackettUpdate-v0.24.790-639035944633084627" PowerShell: Remove-MpPreference -ExclusionPath "C:\Windows\SystemTemp" PowerShell: Remove-MpPreference -ExclusionPath "C:\ProgramData\Jackett" Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File) Task: {0BB36A32-0D9E-4297-AFD7-6BD7B5DB4C9B} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (No File) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) S2 NativePushService; "C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" (No File) CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{0e065295-40e5-fbff-a113-a775a5c84d70}\localserver32 -> "C:\Program Files (x86)\Steam\steamapps\common\DSX\Main\DSX.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{13be76c7-b3a6-9374-07a3-7b0ab4fc62fb}\localserver32 -> "C:\Users\diego\Downloads\Text-Grab-Self-Contained-2024-03-03\Text-Grab-Self-Contained\Text-Grab.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{c0f42af5-855f-f8f2-3cc9-c23f54cf00ec}\localserver32 -> "C:\Program Files\Nefarius Software Solutions\Nefarius VirtualPad Driver Runtime\NefariusVirtualPadDriverNotifications.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{ecfe587a-46b2-f985-810a-6cedfc2da168}\localserver32 -> "C:\Users\diego\Downloads\DSX\Main\DSX.exe" -ToastActivated => No File ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\Windows\system32\ShellExt\HashCheck.dll -> No File ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\NotAllowedUnattendedBugReports:5E1E912DBE [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\NotAllowedUnattendedBugReports:AC55BD64A0 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative App.lnk:C1E221B7EC [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegación privada con Firefox.lnk:B9E392F4E7 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGBFusion.lnk:3BC5874B9C [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGBFusion.lnk:F3508893EB [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [3442] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [6596] AlternateDataStreams: C:\Users\Public\Documents\install-log-admin.txt:20FCFC4171 [3442] FirewallRules: [UDP Query User{37739869-06AD-41A0-AFAB-F3802B959A0F}C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe] => (Block) C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe => No File FirewallRules: [TCP Query User{0CE914EF-A712-4F3D-89EA-D56B1443B5CD}C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe] => (Block) C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe => No File FirewallRules: [UDP Query User{97529252-3F48-4934-966A-AFFBE0FAFD26}D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe] => (Block) D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe => No File FirewallRules: [TCP Query User{EDF59BA6-154C-4168-8740-DFD0689672BC}D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe] => (Block) D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe => No File FirewallRules: [UDP Query User{CE47FC66-1AA3-4C87-A79D-DD6A9199AF72}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File FirewallRules: [TCP Query User{3CEB33D4-FB02-4F4D-A43A-D34667D6E8D9}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File FirewallRules: [UDP Query User{ADA98E11-AD53-4DF3-BB89-7044D0ACB661}C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File FirewallRules: [TCP Query User{D724F169-7A51-4664-BDA0-B4BC48124A26}C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{38290A4A-3463-4318-8C12-801E511FC7AE}D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe] => (Block) D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe => No File FirewallRules: [TCP Query User{A2799249-D57D-4277-8DDE-504702AA727E}D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe] => (Block) D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe => No File FirewallRules: [UDP Query User{05D43AD7-CC2D-4150-AD3C-BBF8B91BB045}D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File FirewallRules: [TCP Query User{7448DDFC-3C1B-495D-804B-23AEAA6A592E}D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File FirewallRules: [UDP Query User{153389EA-D0DF-495D-A73E-859E663213BB}D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File FirewallRules: [TCP Query User{5EF99205-E0EF-462A-A98E-8BEE5EB907A5}D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File FirewallRules: [UDP Query User{6B7AC087-FB2C-4C29-857C-E40F0BA9FE9E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [TCP Query User{1B20CAAE-4D9A-4350-BB9B-DFB6AACB8953}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [UDP Query User{2FBE7AE3-A9CD-4D20-B740-D06599001E4F}D:\alice\american mcgee's alice\data\alice.exe] => (Block) D:\alice\american mcgee's alice\data\alice.exe => No File FirewallRules: [TCP Query User{6EB881EB-9F1E-4C37-BDC5-B84FB265DA92}D:\alice\american mcgee's alice\data\alice.exe] => (Block) D:\alice\american mcgee's alice\data\alice.exe => No File FirewallRules: [UDP Query User{5A82ACEB-A068-4B7B-BEC4-F2A5E753F98B}C:\games\assassin's creed shadows\acshadows.exe] => (Allow) C:\games\assassin's creed shadows\acshadows.exe => No File FirewallRules: [TCP Query User{D5337A92-BD49-475D-8D79-C09201DE3D96}C:\games\assassin's creed shadows\acshadows.exe] => (Allow) C:\games\assassin's creed shadows\acshadows.exe => No File FirewallRules: [UDP Query User{F1611A47-0C0F-4289-A9A8-7B53C6BE6E1D}C:\games\grand theft auto v enhanced\gta5_enhanced.exe] => (Block) C:\games\grand theft auto v enhanced\gta5_enhanced.exe => No File FirewallRules: [TCP Query User{D1DCBE26-7257-437F-8958-1A6E2082C2F1}C:\games\grand theft auto v enhanced\gta5_enhanced.exe] => (Block) C:\games\grand theft auto v enhanced\gta5_enhanced.exe => No File FirewallRules: [{283F973E-3A3B-471A-B246-6DDBB2527317}] => (Allow) C:\Program Files\Ablaze Floorp\floorp.exe => No File FirewallRules: [UDP Query User{3D29D794-C04B-45DF-B30C-5763D94A6CB1}C:\users\diego\downloads\anydesk.exe] => (Allow) C:\users\diego\downloads\anydesk.exe => No File FirewallRules: [TCP Query User{129A386E-5078-47DD-950B-38F7FD229136}C:\users\diego\downloads\anydesk.exe] => (Allow) C:\users\diego\downloads\anydesk.exe => No File FirewallRules: [UDP Query User{E5763629-17C9-4E4E-B751-7A56C3EAAB6C}C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe] => (Allow) C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe => No File FirewallRules: [TCP Query User{22623F4F-749D-42E6-BDEA-C3335DA455E9}C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe] => (Allow) C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe => No File FirewallRules: [UDP Query User{5E28692E-0D07-44E1-9A06-63ED4273EC73}C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe] => (Allow) C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe => No File FirewallRules: [TCP Query User{A396A746-996F-4E13-8707-1B36B805B7EF}C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe] => (Allow) C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe => No File FirewallRules: [UDP Query User{21099F56-480E-4720-8B4E-DEFC60C5FF69}C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe] => (Allow) C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe => No File FirewallRules: [TCP Query User{4B0600A4-E829-431C-83C8-318D68D96FCA}C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe] => (Allow) C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe => No File FirewallRules: [UDP Query User{49E57690-CADF-4A2C-9FF9-72EBF07824C0}C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe] => (Allow) C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe => No File FirewallRules: [TCP Query User{857ECFC0-B9F4-4216-A497-44A77A050A8D}C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe] => (Allow) C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe => No File FirewallRules: [UDP Query User{1C4C61FD-6B52-4405-9BF2-D53FAB9A5FE8}C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe] => (Block) C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe => No File FirewallRules: [TCP Query User{29E06DDB-5CB8-4AFD-B67E-75B1E7E37054}C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe] => (Block) C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe => No File FirewallRules: [UDP Query User{AC09147D-6B05-4D59-A50D-3508F5A83CB1}C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe] => (Block) C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe => No File FirewallRules: [TCP Query User{A907AA4D-F7EE-40C3-90C4-0C48E2C4E9A4}C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe] => (Block) C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe => No File FirewallRules: [UDP Query User{554C3E49-28C8-46A8-81A7-B33D02744948}C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe] => (Block) C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe => No File FirewallRules: [TCP Query User{D45CE5BA-78BA-4950-92E7-4C31718AD0D2}C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe] => (Block) C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe => No File FirewallRules: [UDP Query User{494AC611-ADD5-4FB0-BA60-A6CB23E873F8}C:\xboxgames\call of duty\content\sp24\sp24-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp24\sp24-cod.exe => No File FirewallRules: [TCP Query User{8751167A-8E2A-46B4-9A26-C9467AB08009}C:\xboxgames\call of duty\content\sp24\sp24-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp24\sp24-cod.exe => No File FirewallRules: [UDP Query User{D8F3B155-3BB7-42A1-BD87-C144E6ED673C}C:\games\god of war ragnarok\gowr.exe] => (Allow) C:\games\god of war ragnarok\gowr.exe => No File FirewallRules: [TCP Query User{9AA65343-F88B-4973-85B7-CA73660A61E4}C:\games\god of war ragnarok\gowr.exe] => (Allow) C:\games\god of war ragnarok\gowr.exe => No File FirewallRules: [UDP Query User{17464671-B858-4385-B4CF-1CEF9B5585CD}C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe => No File FirewallRules: [TCP Query User{7C65264E-D5EA-43D0-8342-B221982BACE3}C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe => No File FirewallRules: [UDP Query User{75D982DC-B598-40C0-A7E9-E60FAC86AD25}C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe] => (Allow) C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{7DFDE4DC-D636-4438-9CE8-5B384BDD180C}C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe] => (Allow) C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{DBDA5D91-93C4-4F58-95F9-C47F0DC7EE4D}C:\xboxgames\call of duty\content\cod.exe] => (Allow) C:\xboxgames\call of duty\content\cod.exe => No File FirewallRules: [TCP Query User{BA4107C3-4A10-4D30-9589-6ADCBE56EF5F}C:\xboxgames\call of duty\content\cod.exe] => (Allow) C:\xboxgames\call of duty\content\cod.exe => No File FirewallRules: [UDP Query User{C08845CF-9614-41E0-BF6A-DC2B12FB5988}C:\xboxgames\quake\content\bastet_winstore.exe] => (Allow) C:\xboxgames\quake\content\bastet_winstore.exe => No File FirewallRules: [TCP Query User{ABAC5C16-E3FE-4828-A194-799E14F933BA}C:\xboxgames\quake\content\bastet_winstore.exe] => (Allow) C:\xboxgames\quake\content\bastet_winstore.exe => No File FirewallRules: [UDP Query User{86250C7C-560B-4D59-954B-F54E7D41BE51}C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe] => (Allow) C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{ECCD0E64-E851-4288-9A2F-832D5E9EE09F}C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe] => (Allow) C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{30B21E61-F204-4399-87CE-ABC2EE02CF3F}C:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) C:\xboxgames\gang beasts\content\gang beasts.exe => No File FirewallRules: [TCP Query User{8C1C3B7C-D2E7-45C4-86EC-3A67233C7728}C:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) C:\xboxgames\gang beasts\content\gang beasts.exe => No File FirewallRules: [UDP Query User{44075A7F-EFAE-4C32-91BD-F9A59A4A0EDC}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File FirewallRules: [TCP Query User{6D95CDB3-7574-4EEF-88C3-A678B0E83AC7}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File FirewallRules: [UDP Query User{F547B9BA-DE4B-41F7-8B7A-C70EA53B12AB}C:\users\diego\downloads\dsx\main\dsx.exe] => (Allow) C:\users\diego\downloads\dsx\main\dsx.exe => No File FirewallRules: [TCP Query User{D7CAE005-58E0-4687-8D68-EDC83C5A2F34}C:\users\diego\downloads\dsx\main\dsx.exe] => (Allow) C:\users\diego\downloads\dsx\main\dsx.exe => No File FirewallRules: [UDP Query User{FB3B9FF2-C86E-48B5-B10C-58098679ED63}C:\games\god of war\gow.exe] => (Block) C:\games\god of war\gow.exe => No File FirewallRules: [TCP Query User{545924F9-74DC-4E69-B97C-013F5BFB1D93}C:\games\god of war\gow.exe] => (Block) C:\games\god of war\gow.exe => No File FirewallRules: [UDP Query User{862BED6B-6E20-4AA9-9DF0-D6A411E28486}C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File FirewallRules: [TCP Query User{AC121CB6-5584-4E12-8F25-53B521C4ACB5}C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File FirewallRules: [UDP Query User{E7C00ACB-A44C-4DE1-B5B1-87DBEE09D74E}C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe] => (Allow) C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{CF2CDC19-575B-489E-B543-2453B7C45844}C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe] => (Allow) C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{0FAB96D0-B5E5-4C34-84EE-A92EE65E91A3}C:\users\diego\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\diego\appdata\local\programs\opera gx\opera.exe => No File FirewallRules: [TCP Query User{6DB1C05B-25C6-45B6-A0F0-E0602CCA7EA4}C:\users\diego\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\diego\appdata\local\programs\opera gx\opera.exe => No File FirewallRules: [UDP Query User{9EBFCDBB-27F8-4989-B52D-CDBD48128E54}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [TCP Query User{9DB05DA8-A616-4E8A-9F69-604ADF53A769}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [UDP Query User{049D45DD-D3BB-4FD4-8F4E-F4651C7F2B6E}C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe] => (Block) C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe => No File FirewallRules: [TCP Query User{B262E9A7-022A-4E8E-8F3B-BB7103A0ACDE}C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe] => (Block) C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe => No File FirewallRules: [UDP Query User{92A5E1EC-5B6A-45D4-A97A-06A5B14C9217}C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe] => (Allow) C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{AC127831-F894-4D87-9072-354E3FFEF080}C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe] => (Allow) C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{4E66D16E-E748-4CD2-8A89-AA91B0A272DE}C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe => No File FirewallRules: [TCP Query User{F4FF62EB-3CA5-4291-88F1-F05E3A5C65EA}C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe => No File FirewallRules: [UDP Query User{32B7E7DE-6CA3-4B78-8410-9564A7980786}C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe => No File FirewallRules: [TCP Query User{1C33BA73-1A6B-46DA-89AB-0D4C29740DBE}C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe => No File FirewallRules: [UDP Query User{82E7DA00-EE29-4012-BBBA-15688EB4EE1F}C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe] => (Allow) C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe => No File FirewallRules: [TCP Query User{6893C960-B33C-4870-A64D-ACE1151245F7}C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe] => (Allow) C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe => No File FirewallRules: [{CC06A603-38AD-4008-8B30-5CC8F887405D}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe => No File FirewallRules: [{F6581DF6-F3F4-4B65-A6B1-CA49B0019B63}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe => No File FirewallRules: [UDP Query User{1373E386-075E-45D3-AB6B-FEC1EF610F0A}C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe] => (Allow) C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe => No File FirewallRules: [TCP Query User{E9909C36-B9C8-49DE-8909-F350EB71DFA3}C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe] => (Allow) C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe => No File FirewallRules: [UDP Query User{AA822E9C-EF78-4AA4-A99C-ED9FEE6BDD3A}C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{E68704AB-8AD4-4C1B-ACAE-4CE066497764}C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{5226E9F8-B275-4317-B90E-06B6F305F8BD}C:\users\diego\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\diego\appdata\roaming\spotify\spotify.exe => No File FirewallRules: [TCP Query User{4FFD8EB9-224F-4B80-B892-46F8C1CC6D74}C:\users\diego\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\diego\appdata\roaming\spotify\spotify.exe => No File FirewallRules: [UDP Query User{B39C177C-78FC-43B2-86D9-B6EE4995651E}C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [TCP Query User{B3EFE1BC-90FA-4A2E-9F50-652528338621}C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File FirewallRules: [{F1CAD067-7E97-4996-8E77-38AB1BC7013C}] => (Allow) C:\Program Files\Tailscale\tailscaled.exe => No File FirewallRules: [{A75C54A5-66AF-4D6B-811C-0AE9A1144F37}] => (Block) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File FirewallRules: [{2AADAA3B-392C-43B5-B52B-69CDAEA7EFCD}] => (Block) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File FirewallRules: [UDP Query User{D7B39D89-CC0C-4C62-A9A9-64FB4E6B05B6}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File FirewallRules: [TCP Query User{90736F61-C3B1-47AE-8390-6C5016C3E037}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File FirewallRules: [{E76F98E6-3C61-4782-91BA-AAA55FD2B8D3}] => (Block) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File FirewallRules: [{DD12D601-389E-4D2B-8933-CDD2C727F708}] => (Block) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File FirewallRules: [UDP Query User{54C7DC62-5D6F-4CB2-A1D5-201BEE0D4111}C:\program files\epic games\dyinglight\dyinglightgame.exe] => (Allow) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File FirewallRules: [TCP Query User{F7E19106-E7CF-4DD8-8D90-212B4BB65CEE}C:\program files\epic games\dyinglight\dyinglightgame.exe] => (Allow) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File FirewallRules: [{1FF75366-EE73-4B58-9B07-E2E54270B385}] => (Block) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File FirewallRules: [{395139F6-1B8D-4846-8FDB-2B8D81930F47}] => (Block) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{AABFF7B5-64AE-466E-A7F6-6B6924DC2240}C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe] => (Allow) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{EE2A928C-24F9-4B1A-98F4-EB0233FB62BB}C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe] => (Allow) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{5FF5C0E1-B777-4182-A510-8811B0B5558D}C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe] => (Allow) C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe => No File FirewallRules: [TCP Query User{7B11DE30-2AB7-47BE-88B0-F13CCEA27BAB}C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe] => (Allow) C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe => No File FirewallRules: [UDP Query User{7467CE11-5DB6-43BB-86CE-172B76C108A8}C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Block) C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File FirewallRules: [TCP Query User{47A31C43-E760-4439-A552-EC41BA7F9152}C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Block) C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File FirewallRules: [UDP Query User{1F05FF42-F3D5-495E-9686-8B56A439161F}C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe] => (Allow) C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe => No File FirewallRules: [TCP Query User{EC15CD3B-BEF9-49C1-9058-4E5449F3B805}C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe] => (Allow) C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe => No File FirewallRules: [UDP Query User{1516BB78-3623-48B5-B326-4EA31C32E8A9}C:\games\capcom fighting collection\capcomfightingcollection.exe] => (Allow) C:\games\capcom fighting collection\capcomfightingcollection.exe => No File FirewallRules: [TCP Query User{C53934C5-15C8-4CDF-81E7-5924AFDC851C}C:\games\capcom fighting collection\capcomfightingcollection.exe] => (Allow) C:\games\capcom fighting collection\capcomfightingcollection.exe => No File FirewallRules: [UDP Query User{F5654A10-C9D0-4B29-92F1-635354824C46}C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe] => (Allow) C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe => No File FirewallRules: [TCP Query User{EB8A4A71-600F-4832-A8E0-737F1B00FFA9}C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe] => (Allow) C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe => No File FirewallRules: [UDP Query User{F1D25F3F-7405-44F2-83DB-2500949696DF}C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe] => (Allow) C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{3B2333A4-1E44-427E-811F-CADB788230A6}C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe] => (Allow) C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe => No File FirewallRules: [{52325509-D12B-48EA-A0F4-80E9E1BF0196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Setup.exe => No File FirewallRules: [{DA8A00B0-7F69-400A-BA18-53677AA8D6AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Setup.exe => No File FirewallRules: [{CE3CF723-B1F8-467A-AF07-F2A4614C029F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File FirewallRules: [{200231B3-52B1-40A8-982B-85256C93FFB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File FirewallRules: [UDP Query User{2894DEC3-4752-4100-9490-5625D357F548}C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{4BAEDA89-C5ED-4637-A99D-E0E2031C84FA}C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{B5325E5D-1CC9-4AB6-A884-7D7D75F7A676}C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe] => (Allow) C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe => No File FirewallRules: [TCP Query User{DEDD5AC1-C88B-4F4B-92F6-1AC7572F8B33}C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe] => (Allow) C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe => No File FirewallRules: [UDP Query User{997EC5A7-EFF5-401A-BA92-F25DEDC82CA1}C:\program files (x86)\zotacfirestorm\firestorm.exe] => (Allow) C:\program files (x86)\zotacfirestorm\firestorm.exe => No File FirewallRules: [TCP Query User{2829D1D5-1637-427F-A658-3D3F48C015FE}C:\program files (x86)\zotacfirestorm\firestorm.exe] => (Allow) C:\program files (x86)\zotacfirestorm\firestorm.exe => No File FirewallRules: [{EFFDBC86-7B9C-4A2C-A436-60F842E860F9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{6820FF51-58D3-465F-8A10-AED1CCD8521B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [TCP Query User{844C536B-6F65-4958-86EC-59A0AB0BD6FE}C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe] => (Block) C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe => No File FirewallRules: [UDP Query User{6C8E029D-45DA-40C7-B6A6-FE768E1D3A03}C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe] => (Block) C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe => No File FirewallRules: [{339049FD-5680-4FEE-991D-7C802E5E967F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe => No File FirewallRules: [{A4827D87-DF68-49B2-8DC6-E01A15C1E663}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe => No File FirewallRules: [TCP Query User{8AD1D64E-02FE-415D-8662-9E621ACCBE90}C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe] => (Block) C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe => No File FirewallRules: [UDP Query User{A3E2291E-027F-4703-91C1-3648E4EFEFA7}C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe] => (Block) C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe => No File FirewallRules: [TCP Query User{D59164EE-17D1-4AB8-ABE0-4242341313C1}C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe] => (Allow) C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe => No File FirewallRules: [UDP Query User{A0BD59C5-463A-454E-B502-348B7965929D}C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe] => (Allow) C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe => No File FirewallRules: [{1FE4B1DD-B75C-4C8A-A934-33C93C450D7A}] => (Allow) C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File FirewallRules: [{20309CBB-2507-4B49-B60E-61523F72EB1C}] => (Allow) C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File FirewallRules: [TCP Query User{65CA0E62-6428-49F7-BC21-4EA2F1D24E4E}D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe] => (Block) D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe => No File FirewallRules: [UDP Query User{1BD62AE3-49FB-428D-99C5-AB9A7CB3A727}D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe] => (Block) D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe => No File FirewallRules: [TCP Query User{848D3F4A-69B8-40D1-9F88-ECF1DE4887BA}D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe] => (Block) D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe => No File FirewallRules: [UDP Query User{B8BCEFDF-CFF1-407F-A34E-2E8578C5A26C}D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe] => (Block) D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe => No File FirewallRules: [TCP Query User{EF7D866A-CCB1-4D8F-B484-97CFF32887ED}C:\games\resident evil requiem\re9.exe] => (Block) C:\games\resident evil requiem\re9.exe => No File FirewallRules: [UDP Query User{5346FF8C-17F8-4B3B-950A-DE741645A1D5}C:\games\resident evil requiem\re9.exe] => (Block) C:\games\resident evil requiem\re9.exe => No File FirewallRules: [TCP Query User{D92198B5-5516-4564-A34D-E5A34F559323}D:\games\reanimal\everholm\binaries\win64\reanimal.exe] => (Block) D:\games\reanimal\everholm\binaries\win64\reanimal.exe => No File FirewallRules: [UDP Query User{E5E556AF-C84F-4A47-8F1E-6112BFF0BEB0}D:\games\reanimal\everholm\binaries\win64\reanimal.exe] => (Block) D:\games\reanimal\everholm\binaries\win64\reanimal.exe => No File FirewallRules: [TCP Query User{6C5D50C6-E0B0-41FE-A907-47C225227BE2}D:\games\scott pilgrim vs the world\scott.exe] => (Block) D:\games\scott pilgrim vs the world\scott.exe => No File FirewallRules: [UDP Query User{DC88EA26-6566-407E-ADE6-C9BB5FC71D93}D:\games\scott pilgrim vs the world\scott.exe] => (Block) D:\games\scott pilgrim vs the world\scott.exe => No File FirewallRules: [TCP Query User{25FF0C68-591D-4445-B94E-F63893113498}D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe] => (Allow) D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe => No File FirewallRules: [UDP Query User{43676CDB-CC41-465C-827F-AAAB18930E3A}D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe] => (Allow) D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe => No File FirewallRules: [TCP Query User{9B83C390-6E67-4950-894C-EEF762DB3965}D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe] => (Block) D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe => No File FirewallRules: [UDP Query User{EF27A2F7-1BA8-4318-8A78-955E6E282E14}D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe] => (Block) D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe => No File FirewallRules: [TCP Query User{5A26255D-E8A3-48D2-9087-AB1C5F53FE35}D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe] => (Block) D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe => No File FirewallRules: [UDP Query User{200D7343-E05F-4686-8047-514B3E49E0F8}D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe] => (Block) D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe => No File FirewallRules: [TCP Query User{9520B8D8-150A-4116-BE04-4B2E21834848}C:\games\resident evil requiem biohazard requiem\re9.exe] => (Block) C:\games\resident evil requiem biohazard requiem\re9.exe => No File FirewallRules: [UDP Query User{CC8F6A72-F786-4F79-AAFC-02B0338B1F65}C:\games\resident evil requiem biohazard requiem\re9.exe] => (Block) C:\games\resident evil requiem biohazard requiem\re9.exe => No File FirewallRules: [TCP Query User{8C1C38C1-C91A-4304-8300-9F26914FD6B0}D:\games\the binding of isaac rebirth\isaac-ng.exe] => (Block) D:\games\the binding of isaac rebirth\isaac-ng.exe => No File FirewallRules: [UDP Query User{94D396E3-A1A5-4EB2-A172-EB9A1BD696AA}D:\games\the binding of isaac rebirth\isaac-ng.exe] => (Block) D:\games\the binding of isaac rebirth\isaac-ng.exe => No File FirewallRules: [TCP Query User{71B9CD87-FFD2-4EDB-96D4-07E3721FF4FF}D:\games\fruit ninja vr 2\fruit ninja vr 2.exe] => (Block) D:\games\fruit ninja vr 2\fruit ninja vr 2.exe => No File FirewallRules: [UDP Query User{A9835656-DAF6-4B80-839B-E38BABCB436E}D:\games\fruit ninja vr 2\fruit ninja vr 2.exe] => (Block) D:\games\fruit ninja vr 2\fruit ninja vr 2.exe => No File FirewallRules: [TCP Query User{719771AA-EA79-4939-B3B2-E6768B4AD202}D:\games\pools\pools.exe] => (Block) D:\games\pools\pools.exe => No File FirewallRules: [UDP Query User{921E217C-3298-43E3-B2B5-F3E01DE07006}D:\games\pools\pools.exe] => (Block) D:\games\pools\pools.exe => No File FirewallRules: [TCP Query User{9039F69B-4D90-4BFE-8AB8-65A66F59091E}D:\games\pools\poolsvr\pools.exe] => (Block) D:\games\pools\poolsvr\pools.exe => No File FirewallRules: [UDP Query User{41EBC287-37D9-4D9B-81C5-925B7845C732}D:\games\pools\poolsvr\pools.exe] => (Block) D:\games\pools\poolsvr\pools.exe => No File FirewallRules: [{F50B0B41-386D-49D6-B61B-9573572A8D02}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe => No File FirewallRules: [{670EA020-2760-4411-A65F-7B094F5CC828}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe => No File FirewallRules: [{E406AAC3-7256-4114-ACA0-57FFFE3F0B4E}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe => No File FirewallRules: [{EA20ED7B-949D-483A-B38A-85A5A77741BD}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe => No File FirewallRules: [{86CABB58-0CD2-4B4E-8A68-3377EBB772C5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe => No File HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\regfile: <==== ATTENTION HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\.reg: => <==== ATTENTION HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\.bat: => <==== ATTENTION HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\.cmd: => <==== ATTENTION Folder: C:\ProgramData\Jackett File: C:\Program Files\fpsVR\fpsvrCPUTempCounterService.exe Comment: This snippet reverts SmartScreen settings to default StartRegedit: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer] "SmartScreenEnabled"="Warn" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter] "EnabledV9"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost] "EnableWebContentEvaluation"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AppHost] "EnableWebContentEvaluation"=dword:00000001 [HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost] "EnableWebContentEvaluation"=dword:00000001 EndRegedit: HKLM\Software\Policies\...\system: [ShellSmartScreenLevel] Warn StartPowerShell: # This snippet re-enables Windows Defender and applies optimized settings to ensure high protection against malware # Enable real-time protection Set-MpPreference -DisableRealtimeMonitoring $false # Enable behavioural protection Set-MpPreference -DisableBehaviorMonitoring $false # Enable PUP detection Set-MpPreference -PUAProtection Enabled # Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default Set-MpPreference -CloudBlockLevel 4 # Send advanced information about malicious/unwanted software present on your device Set-MpPreference -MAPSReporting 2 # Send safe samples automatically to Microsoft Set-MpPreference -SubmitSamplesConsent 1 # Enables inspection of HTTP traffic to detect malicious websites Set-MpPreference -EnableNetworkProtection Enabled # Enables block at first seen Set-MpPreference -DisableBlockAtFirstSeen $false # Allows scanning of archive files, such as .zip and .cab files for malware/PUP Set-MpPreference -DisableArchiveScanning $false # Enables automatic scanning of USB & removal drives Set-MpPreference -DisableRemovableDriveScanning $false # Enables scanning of network files Set-MpPreference -DisableScanningNetworkFiles $false # Forces signature check before running a scan Set-MpPreference -CheckForSignaturesBeforeRunningScan $true # Extends cloud check timer from default 10 to 30 seconds Set-MpPreference -CloudExtendedTimeout 30 # Enables automatic scanning of all downloaded files and attachments Set-MpPreference -DisableIOAVProtection $false # Enables script detection Set-MpPreference -DisableScriptScanning $false # Disables automatic exclusions from scanning Set-MpPreference -DisableAutoExclusions 1 # Enables scanning of mapped network drives Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0 # Enables scanning of email files Set-MpPreference -DisableEmailScanning 0 # Enables blocking of malicious domains and IP's on DNS level Set-MpPreference -EnableDnsSinkhole $true # Enables signature updates every 12 hours Set-MpPreference -SignatureUpdateInterval 12 # Enables automatic quarantine for threats labelled as high and severe Set-MpPreference -HighThreatDefaultAction Quarantine Set-MpPreference -SevereThreatDefaultAction Quarantine # Updates signatures Update-MpSignature EndPowerShell: StartPowershell: # Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it $hmpExe = "$env:TEMP\HitmanPro_x64.exe" $logFile = "$env:TEMP\HitmanPro_ScanLog.txt" Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing $proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 } Get-Content $logFile -Encoding Unicode EndPowershell: StartPowerShell: # Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console # Does not clean preinstalled objects, only PUP/Adware # If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument # If you would like to only scan with it, change the argument from /clean to /scan # NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software. New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden $logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt" Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile Get-Content $logFile -Encoding Unicode Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue EndPowerShell: Comment: Verify that Discord does not have any injected code to intercept personal data. If anything is prompted here, it needs to be checked that it isn't malicious code. Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) } Comment: Remove unwanted files from common folders using native removal power of Farbar to include remove on reboot if needed. Please double check the user does not have any applications incorrectly installed in the directories listed below. C:\ProgramData\*.a3x C:\ProgramData\*.ahk C:\ProgramData\*.au3 C:\ProgramData\*.bat C:\ProgramData\*.cab C:\ProgramData\*.cmd C:\ProgramData\*.com C:\ProgramData\*.dll C:\ProgramData\*.exe C:\ProgramData\*.hta C:\ProgramData\*.jar C:\ProgramData\*.js C:\ProgramData\*.jse C:\ProgramData\*.lnk C:\ProgramData\*.pif C:\ProgramData\*.ps1 C:\ProgramData\*.py C:\ProgramData\*.pyc C:\ProgramData\*.pyd C:\ProgramData\*.scr C:\ProgramData\*.tmp C:\ProgramData\*.vbe C:\ProgramData\*.vbs C:\ProgramData\*.wsf C:\ProgramData\*.wsh C:\ProgramData\*.zip C:\ProgramData\*.rar C:\ProgramData\*.7z C:\Users\*\AppData\Roaming\*.au3 C:\Users\*\AppData\Roaming\*.bat C:\Users\*\AppData\Roaming\*.cab C:\Users\*\AppData\Roaming\*.cmd C:\Users\*\AppData\Roaming\*.com C:\Users\*\AppData\Roaming\*.dll C:\Users\*\AppData\Roaming\*.exe C:\Users\*\AppData\Roaming\*.hta C:\Users\*\AppData\Roaming\*.jar C:\Users\*\AppData\Roaming\*.js C:\Users\*\AppData\Roaming\*.jse C:\Users\*\AppData\Roaming\*.lnk C:\Users\*\AppData\Roaming\*.pif C:\Users\*\AppData\Roaming\*.ps1 C:\Users\*\AppData\Roaming\*.py C:\Users\*\AppData\Roaming\*.pyc C:\Users\*\AppData\Roaming\*.pyd C:\Users\*\AppData\Roaming\*.scr C:\Users\*\AppData\Roaming\*.tmp C:\Users\*\AppData\Roaming\*.vbe C:\Users\*\AppData\Roaming\*.vbs C:\Users\*\AppData\Roaming\*.wsf C:\Users\*\AppData\Roaming\*.wsh C:\Users\*\AppData\Roaming\*.zip C:\Users\*\AppData\Roaming\*.rar C:\Users\*\AppData\Roaming\*.7z C:\Users\CurrentUserName\AppData\Local\*.a3x C:\Users\CurrentUserName\AppData\Local\*.ahk C:\Users\CurrentUserName\AppData\Local\*.au3 C:\Users\CurrentUserName\AppData\Local\*.bat C:\Users\CurrentUserName\AppData\Local\*.cab C:\Users\CurrentUserName\AppData\Local\*.cmd C:\Users\CurrentUserName\AppData\Local\*.com C:\Users\CurrentUserName\AppData\Local\*.dll C:\Users\CurrentUserName\AppData\Local\*.exe C:\Users\CurrentUserName\AppData\Local\*.hta C:\Users\CurrentUserName\AppData\Local\*.jar C:\Users\CurrentUserName\AppData\Local\*.js C:\Users\CurrentUserName\AppData\Local\*.jse C:\Users\CurrentUserName\AppData\Local\*.lnk C:\Users\CurrentUserName\AppData\Local\*.pif C:\Users\CurrentUserName\AppData\Local\*.ps1 C:\Users\CurrentUserName\AppData\Local\*.py C:\Users\CurrentUserName\AppData\Local\*.pyc C:\Users\CurrentUserName\AppData\Local\*.pyd C:\Users\CurrentUserName\AppData\Local\*.scr C:\Users\CurrentUserName\AppData\Local\*.tmp C:\Users\CurrentUserName\AppData\Local\*.vbe C:\Users\CurrentUserName\AppData\Local\*.vbs C:\Users\CurrentUserName\AppData\Local\*.wsf C:\Users\CurrentUserName\AppData\Local\*.wsh C:\Users\CurrentUserName\AppData\Local\*.zip C:\Users\CurrentUserName\AppData\Local\*.rar C:\Users\CurrentUserName\AppData\Local\*.7z C:\Users\CurrentUserName\AppData\Roaming\*.a3x C:\Users\CurrentUserName\AppData\Roaming\*.ahk C:\Users\CurrentUserName\AppData\Roaming\*.au3 C:\Users\CurrentUserName\AppData\Roaming\*.bat C:\Users\CurrentUserName\AppData\Roaming\*.cab C:\Users\CurrentUserName\AppData\Roaming\*.cmd C:\Users\CurrentUserName\AppData\Roaming\*.com C:\Users\CurrentUserName\AppData\Roaming\*.dll C:\Users\CurrentUserName\AppData\Roaming\*.exe C:\Users\CurrentUserName\AppData\Roaming\*.hta C:\Users\CurrentUserName\AppData\Roaming\*.jar C:\Users\CurrentUserName\AppData\Roaming\*.js C:\Users\CurrentUserName\AppData\Roaming\*.jse C:\Users\CurrentUserName\AppData\Roaming\*.lnk C:\Users\CurrentUserName\AppData\Roaming\*.pif C:\Users\CurrentUserName\AppData\Roaming\*.ps1 C:\Users\CurrentUserName\AppData\Roaming\*.py C:\Users\CurrentUserName\AppData\Roaming\*.pyc C:\Users\CurrentUserName\AppData\Roaming\*.pyd C:\Users\CurrentUserName\AppData\Roaming\*.scr C:\Users\CurrentUserName\AppData\Roaming\*.tmp C:\Users\CurrentUserName\AppData\Roaming\*.vbe C:\Users\CurrentUserName\AppData\Roaming\*.vbs C:\Users\CurrentUserName\AppData\Roaming\*.wsf C:\Users\CurrentUserName\AppData\Roaming\*.wsh C:\Users\CurrentUserName\AppData\Roaming\*.zip C:\Users\CurrentUserName\AppData\Roaming\*.rar C:\Users\CurrentUserName\AppData\Roaming\*.7z Comment: Force policy removal C:\Windows\System32\GroupPolicyUsers C:\Windows\System32\GroupPolicy Comment: System repair commands CMD: DISM.exe /Online /Cleanup-image /Restorehealth CMD: SFC.exe /scannow Comment: Network reset commands CMD: netsh int ip reset CMD: netsh int ipv6 reset CMD: ipconfig /flushDNS CMD: netsh winsock reset catalog Comment: Additional temp file removal C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp C:\Users\CurrentUserName\AppData\Local\Temp\* C:\Windows\Temp\* C:\Windows\SystemTemp\* EmptyTemp: End::