Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
StartPowerShell:
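# This snippet uses Sysinternals Sigcheck to look up (and, if unknown, upload) one file on VirusTotal.
# Set $TargetFile below to the desired filepath.
# ---
# It displays the following: entropy, file hashes, catalog name & signing chain, VirusTotal scan results and link to it.
# It is also able to traverse symbolic links and directory junctions.
# ---
# NOTE: If the file is not known prior, it gets uploaded to VirusTotal (-vs) and the result will be available in a few minutes.
# You can search up the report by visiting the URL "https://www.virustotal.com/gui/file/<SHA256>"
# PRIVACY: an uploaded sample is retained by VirusTotal and can be retrieved by its partners,
# so only submit files that hold no personal or confidential data.
# -accepteula / -vt accept the Sysinternals EULA and the VirusTotal terms of service non-interactively.

# The single file to be checked; it is passed to sigcheck.exe as a quoted argument.
$TargetFile = 'C:\Users\RyaKei\AppData\Roaming\XuanZhi9\android_bug\59365f2da6e7ab0b788ce020133b3846\gamelan.py'

$TempDir = [System.IO.Path]::GetTempPath()
$ZipPath = Join-Path $TempDir "SigcheckFRST.zip"
$ExtractPath = Join-Path $TempDir "SigcheckFRST"
try {
    # Stop on a failed download or extraction instead of continuing with a missing or stale archive.
    Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Sigcheck.zip" -OutFile $ZipPath -UseBasicParsing -ErrorAction Stop
    if (Test-Path $ExtractPath) { Remove-Item $ExtractPath -Recurse -Force }
    Expand-Archive -Path $ZipPath -DestinationPath $ExtractPath -Force -ErrorAction Stop
    $SigcheckExe = Join-Path $ExtractPath "sigcheck.exe"
    if (-not (Test-Path $SigcheckExe)) {
        Write-Host "Error: Sigcheck does not exist"
    } else {
        # The binary was just downloaded into a user-writable temp folder: refuse to run it
        # unless its Authenticode signature validates and names Microsoft as the publisher.
        $sig = Get-AuthenticodeSignature -FilePath $SigcheckExe
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            Write-Host "Error: Sigcheck signature could not be verified ($($sig.Status))"
        } else {
            $psi = New-Object System.Diagnostics.ProcessStartInfo
            $psi.FileName = $SigcheckExe
            $psi.Arguments = '-accepteula -a -h -i -m -l -vt -vs -nobanner "' + $TargetFile + '"'
            $psi.RedirectStandardOutput = $true
            $psi.StandardOutputEncoding = [System.Text.Encoding]::Unicode
            $psi.UseShellExecute = $false
            $psi.CreateNoWindow = $true
            $p = [System.Diagnostics.Process]::Start($psi)
            # Drain stdout before waiting so a full pipe buffer cannot block the child process.
            $output = $p.StandardOutput.ReadToEnd()
            $p.WaitForExit()
            Write-Output $output
        }
    }
} catch {
    Write-Host "Error: $($_.Exception.Message)"
} finally {
    # Remove both the archive and the extracted tool so no executable is left behind in %TEMP%.
    Remove-Item $ZipPath -Force -ErrorAction SilentlyContinue
    Remove-Item $ExtractPath -Recurse -Force -ErrorAction SilentlyContinue
}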
EndPowerShell:
2026-04-29 23:30 - 2026-02-19 14:22 - 000000032 _____ C:\Users\RyaKei\AppData\Roaming\msregsvv.dll
UrbanVPN (HKLM\...\{68B6BD06-7C8E-436A-8DED-EF1DF9B01446}) (Version: 5.1.1.7683 - Urban Cyber Security) Hidden
UrbanVPN (HKLM\...\UrbanVPN 5.1.1.7683) (Version: 5.1.1.7683 - Urban Cyber Security)
2026-05-13 15:00 - 2026-05-13 15:00 - 000000000 ____D C:\Users\RyaKei\AppData\Roaming\RenPy
CustomCLSID: HKU\S-1-5-21-1965057442-2014340265-585418409-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll -> No File
AlternateDataStreams: C:\6749525315573233238:err [1576]
AlternateDataStreams: C:\Users\RyaKei:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [5138]
AlternateDataStreams: C:\ProgramData\droidcam-client-options-v1:7BC0924164 [5138]
AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk:A137319AA2 [5138]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [5138]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]
AlternateDataStreams: C:\Users\RyaKei\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\RyaKei\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [UDP Query User{514DFB17-EFBE-4A42-8FD2-3E4D0FA5D371}C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe] => (Block) C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [TCP Query User{D81A068D-D1A9-43E9-A041-E2638188B5C4}C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe] => (Block) C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [UDP Query User{C068FDE7-2E1D-4E00-BEC9-E2206CE25605}C:\users\ryakei\downloads\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe] => (Block) C:\users\ryakei\downloads\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [TCP Query User{E446847F-601B-4408-B99A-9EE34052EFB5}C:\users\ryakei\downloads\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe] => (Block) C:\users\ryakei\downloads\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [UDP Query User{A424DA8C-EF15-43D9-9E04-26A5A5FE79C0}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{DF80A08A-EF2E-4B2E-B8E2-EE053C31F39E}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B4701180-C082-464E-AB0D-2718A2E8E002}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{74D5BFAE-4E83-44C5-8547-57A1C94A6A4F}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [{4E2D4583-5457-4C40-B7A7-12C5D72DB16C}] => (Allow) C:\Users\RyaKei\AppData\Local\Programs\Opera\70.0.3728.106\opera.exe => No File
FirewallRules: [{98F510F0-4A67-410C-BAB3-FC9822B329B7}] => (Allow) C:\Users\RyaKei\AppData\Local\Programs\Opera\67.0.3575.53\opera.exe => No File
FirewallRules: [{E16154AF-E443-4378-A134-0519A0B659E2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{468DD579-BFAA-4491-A0B6-A9DA858E1BA8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7BED1716-BB27-4CE7-B3C2-3E230639D3E4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A91C4F10-19D1-48CC-8BC2-132183FEB03F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{4837338C-4B10-4AD9-A3C6-8CEA42E3C975}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8D72F78C-BB8A-4475-A6A7-5BA6453DAB17}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{101E0983-AE6C-4BF7-8227-8FCF1D2C54A6}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{5E1802FB-F7E1-44ED-9B33-002EB4E033EA}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{C77FB624-4D47-413F-8C8C-C93258B47A0F}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CEF313D3-A27F-419B-BFE4-C568B6DFF598}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [{4900D3B9-09EB-4068-9D39-86B543880F08}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{6250B186-D48F-4E96-8A96-F9C1A9CD7F6E}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{9A791CFA-3D2B-4F95-B555-93AE06610E60}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{D9D1AD5D-6087-47A0-88C2-D696C3C2569B}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{10AC0792-655C-4653-83F9-E39BEDF7C2C7}C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe] => (Block) C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [UDP Query User{24134F9C-D082-4CE1-99C2-76DDAFB3DB95}C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe] => (Block) C:\users\ryakei\pictures\among us\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s by getdroidtips\among.us.v2020.9.9s\among us.exe => No File
FirewallRules: [{16C6E98F-2EBE-4CA8-AD66-367AD3F7F493}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{58E1509C-F52C-406D-B329-418503300DC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{537B2F97-36E9-4019-AF0E-94F17EF64FF4}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{08E92788-0895-4C1A-96B1-CB61B63159E0}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9E48F5D8-3A8E-4F8A-9D7E-77B26F69BC10}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{45AF6CD9-1493-4337-B10A-DDCCECA61997}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [TCP Query User{569CD413-437D-4890-941F-17987A9E0856}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{78C35D4E-6150-4486-84A1-3B51D91FFCFC}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7433A8E8-0DFF-468C-B19E-CDFAB17EA0E8}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EC882382-A52A-4ED1-A44F-54BF897C4248}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A183B095-EF52-4986-8DC2-4F3C86ED22AC}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{73A1B1BD-48E8-4C80-9005-686F55EEF91D}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [{33B16176-EF63-4CB6-8420-41480D8BEADE}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{7E24CC1E-E747-4026-84CA-F41875930E05}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{9982068E-88EF-40AF-A91E-4BB4F79498B5}C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A3695490-8892-4B8D-A6F7-B59CFA18C1CB}C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe => No File
FirewallRules: [TCP Query User{6761C418-D08B-4A4E-9900-DF357DAF5DAD}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [UDP Query User{E8B861CB-D9AE-4AEB-A962-649174B5A70A}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [TCP Query User{5B6B0379-4C10-4B60-AB6D-3CCF4BE02ED8}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{E22791B0-86C7-4F3C-A167-C4A374E9B8B9}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9487E580-65DD-469E-A97A-2FADA7A26D0E}C:\riot games\riot client\riotclientservices.exe] => (Block) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [UDP Query User{28A5F3AC-7E32-4DD5-BF3B-F7F8D0E8270D}C:\riot games\riot client\riotclientservices.exe] => (Block) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [TCP Query User{2A1A4F63-1E6D-47D0-B416-5C26423AF2BB}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B13B6110-FC71-4EB1-A7DC-858A44C5EE1A}C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{0411A443-1191-4E6D-AA28-577B138EE100}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3BA82CD1-F349-4AE3-8333-2B59E2E84494}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FAA18C2F-7A25-437F-8EAD-68C65D4D7485}C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BD46D958-DD75-4D1F-B4DD-AC06D5843620}C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\ryakei\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe => No File
FirewallRules: [{5CFB3EFC-F505-4C53-A37A-29CFC583BD84}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe => No File
FirewallRules: [TCP Query User{57628EAD-571D-4838-AEC2-2141DA2C40E4}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CDA2C9FC-818E-4682-8F2F-181BBCB6D216}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe => No File
FirewallRules: [TCP Query User{DCE10EAE-5D03-4577-B961-CD52E95E85E2}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4D3C29AE-8A78-4CC4-AC86-B1060F4F40F9}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{C2E8BAE3-BE82-4F0C-A1E3-64BC421C9283}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{86AFD6FA-6A9C-4E1C-ACC1-C0209129B4CA}C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files\epic games\fortnite\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [{2055A28E-689B-4623-A9B8-C0907029C913}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe => No File
FirewallRules: [{6E17F3CE-8D32-4871-BB42-7624B74A336E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe => No File
FirewallRules: [{0014225E-2983-4D08-B2DC-E63A8B7D2F73}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\Launcher.exe => No File
FirewallRules: [{68ABC851-2285-4C71-822B-105CE40B5AA9}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{7A400D9C-1A80-494D-A5EA-8D59EC43F915}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{8BC2DDDA-D5E6-48C1-83E7-284CD27AD2D4}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{CDE12226-0218-47EC-B2A9-2E04D24B966E}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\Launcher.exe => No File
FirewallRules: [{518B332B-C31A-4811-87F9-BA5C2BB55447}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{0A252DDA-2F4A-4192-AABB-21FE0B59E282}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Warframe.x64.exe => No File
FirewallRules: [{27D95A84-8326-4CE1-8B92-8BE8C8C0F3F5}] => (Allow) C:\Program Files\Epic Games\Warframe\Downloaded\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{375E2F98-EEA5-4B44-9996-F004D4F5B469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{AEC7380A-C21C-41E5-AD64-A6DBC540E6E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{32CDECEB-6BC5-43FB-8604-9A63F377DFDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{6B32B598-5F92-44A0-88D3-BBBB4765ACE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{C753AC20-7E4A-47DC-9582-556D1771732E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{708E6C76-CC79-4887-BD67-E487E197C53C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{2854DE6C-E6A6-4FC2-BDEB-59B7C940EA5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{C5EFF9EF-7ADD-44A6-B0B1-0AC3F0BA0A78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [TCP Query User{0BA72300-82E9-4DFE-B701-631103D86DC3}C:\users\ryakei\appdata\local\discord\app-1.0.9004\discord.exe] => (Block) C:\users\ryakei\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{F40598E5-C02B-4B2F-9AF0-2B18425CD4CB}C:\users\ryakei\appdata\local\discord\app-1.0.9004\discord.exe] => (Block) C:\users\ryakei\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [{5E8D390A-512E-4B2A-A7DA-FD8FAE08D269}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe => No File
FirewallRules: [{9550C1B6-30F6-40A1-838F-3427EC57E315}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe => No File
FirewallRules: [TCP Query User{22F19F08-F351-4315-ADD0-1FACEFB5CDC3}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{52F9F83B-7468-4803-88CE-E8330ED227F5}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{575293F0-6461-45B9-B525-CB70957D1C16}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{36BCE2EB-02AA-4A43-8671-8658D10A7D82}C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe] => (Allow) C:\program files\epic games\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [{23A5AEFA-2D80-4495-ABE9-53826A4A5C97}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{E738ED69-F609-47B4-9692-0C0C6F814F6C}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{9B94F5BD-48E3-4CFD-BD09-12A74B5182E1}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [UDP Query User{C5904A66-C25F-49C5-9581-ADE5DCF3B2D1}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [{D16D5F63-5014-4DAD-BDC2-D65E70B76CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe => No File
FirewallRules: [{279740E1-DCE4-4811-BB0D-2FD3F82113C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe => No File
FirewallRules: [TCP Query User{89460B4A-148E-4C7B-B294-9038D4949D6E}C:\users\ryakei\downloads\project zomboid\project zomboid\jre64\bin\java.exe] => (Block) C:\users\ryakei\downloads\project zomboid\project zomboid\jre64\bin\java.exe => No File
FirewallRules: [UDP Query User{3FF509DF-B333-4868-908B-DAFAB57C7067}C:\users\ryakei\downloads\project zomboid\project zomboid\jre64\bin\java.exe] => (Block) C:\users\ryakei\downloads\project zomboid\project zomboid\jre64\bin\java.exe => No File
FirewallRules: [TCP Query User{655443CB-033F-4D33-8F58-1B32ABAB27A7}C:\users\ryakei\downloads\project zomboid\project zomboid\projectzomboid64.exe] => (Block) C:\users\ryakei\downloads\project zomboid\project zomboid\projectzomboid64.exe => No File
FirewallRules: [UDP Query User{B71C29E9-8932-406A-B670-3DD2C79DF273}C:\users\ryakei\downloads\project zomboid\project zomboid\projectzomboid64.exe] => (Block) C:\users\ryakei\downloads\project zomboid\project zomboid\projectzomboid64.exe => No File
FirewallRules: [{BBBC8EC9-7D86-44E6-8B91-16D727071B1F}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{7ABCBB39-95D3-4F83-8D28-347BF472ECCA}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [{CC966CCD-7338-4D36-8359-CB9877E540EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File
FirewallRules: [{02F167EE-12FE-4F33-AAE3-5167DDD4500B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe => No File
FirewallRules: [{CCD4E2D4-606D-4960-B7EC-74075CFE657B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProSoccerOnline\ProSoccerOnline.exe => No File
FirewallRules: [{B836A8B2-F07F-4F86-B4A4-C349535D3872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProSoccerOnline\ProSoccerOnline.exe => No File
FirewallRules: [TCP Query User{F2AC2CDD-0C1A-48D0-AAC8-997B22879D9A}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F5BBCA42-D194-4643-857E-56905F90976F}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{E955A8E6-7B79-456A-86AC-F22B4DB9FC6F}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{2D9B11A8-BDEC-439D-96D9-7F65F9B667DB}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{1794CCEC-A7BF-4B3D-BC36-421F354FAC22}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CAFEAEF1-80F9-45FB-8FC8-B354C064ACAE}C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\ryakei\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe => No File
FirewallRules: [TCP Query User{67EA2050-53EB-41B6-889D-4E4E483F4CCF}C:\users\ryakei\appdata\local\medal\app-4.2060.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2060.0\medal.exe => No File
FirewallRules: [UDP Query User{FD590DC0-C925-4CCC-A861-066BDE46E5DC}C:\users\ryakei\appdata\local\medal\app-4.2060.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2060.0\medal.exe => No File
FirewallRules: [{DDAFE3AF-F390-42DF-A4C6-F9A66C87FA38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{094DBCE2-FE73-46DC-87FD-2CDA377CE328}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [TCP Query User{7333A6F4-982E-406A-9DEF-2262C738FBFE}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{5F35FB81-2239-4A98-A527-A51F188F8402}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{3B0826BA-CDCD-4E16-B9C8-9F71FCCE5A5F}C:\users\ryakei\downloads\sons of the forest\sonsoftheforest.exe] => (Block) C:\users\ryakei\downloads\sons of the forest\sonsoftheforest.exe => No File
FirewallRules: [UDP Query User{6B32003F-54DD-4D43-9886-993760D19310}C:\users\ryakei\downloads\sons of the forest\sonsoftheforest.exe] => (Block) C:\users\ryakei\downloads\sons of the forest\sonsoftheforest.exe => No File
FirewallRules: [{1C1EA9D1-9499-4BB3-A595-D8BEE455839D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{BA0B038B-A0E4-44B2-8A19-2281CFD6BA77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [TCP Query User{0739C6F2-3E76-4A09-A95C-71ADBC30AA1D}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9E59C187-E09E-4BEE-93EE-6F34974A8343}D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{4591F44B-CE80-4351-A4A8-63FC1F04F693}C:\users\ryakei\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [UDP Query User{004F2C5A-0C76-4B91-B3EA-581B1880971A}C:\users\ryakei\appdata\local\discord\app-1.0.9016\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9016\discord.exe => No File
FirewallRules: [TCP Query User{79C5DAF0-E405-4CB5-8C10-D67682C80EC9}D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe => No File
FirewallRules: [UDP Query User{985BC57C-9E68-4E4D-B573-B76B8365E573}D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe => No File
FirewallRules: [{0302403C-9241-4B2D-AC4D-EF6264083E8C}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{A47DFAD3-1944-4DDD-9BD8-FD3FCA7E6260}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [TCP Query User{56D7BAF9-7339-4D63-8FD3-52EE0C67A495}C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe => No File
FirewallRules: [UDP Query User{DE89BE1E-D306-40AA-AF23-B74C78FE9632}C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe => No File
FirewallRules: [{D74B3EC3-622F-44C8-9B5F-71933C7D9A38}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe => No File
FirewallRules: [{2FE79671-6EAB-476F-9BA8-04F933434596}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe => No File
FirewallRules: [TCP Query User{1CAE7330-B96B-4B7A-91AA-7F0CDB500ED7}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{27F1C5F6-3F8B-439F-A413-1F835F369ABC}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [TCP Query User{19F52421-8DF0-469F-B7DA-06EE9CA99902}C:\program files\tiktok live studio\0.57.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.57.0\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{FD044BDE-85F6-4C07-B27D-52036D54101E}C:\program files\tiktok live studio\0.57.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.57.0\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{8F1360AC-B346-469B-93ED-29DB247091E7}C:\program files\tiktok live studio\0.58.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.58.2\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{89A58BF8-65C7-4F2C-99BC-91E062E8D1CC}C:\program files\tiktok live studio\0.58.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.58.2\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{182797D0-5C50-41A1-BD3B-826E16617581}C:\program files\tiktok live studio\0.59.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.59.0\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{A5D8856C-1FB7-439C-AF37-E98809C2FBDD}C:\program files\tiktok live studio\0.59.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.59.0\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{EBFCC71A-C655-4632-A91B-88F8332B6C3A}D:\steamlibrary\steamapps\common\ea sports fc 24\fc24.exe] => (Allow) D:\steamlibrary\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [UDP Query User{3D265EA3-0FB2-4D60-82B9-0218E9238B29}D:\steamlibrary\steamapps\common\ea sports fc 24\fc24.exe] => (Allow) D:\steamlibrary\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [TCP Query User{F2509C5E-17B8-4935-BDFE-A38640DE628F}C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe => No File
FirewallRules: [UDP Query User{B40A80EF-3C10-4C57-8A5A-7C9A9A48E65B}C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2203.0\medal.exe => No File
FirewallRules: [TCP Query User{4B1A44BB-9BFF-449C-A12A-938E987AA8A3}C:\program files\tiktok live studio\0.61.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.61.2\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{8AE06BA0-0727-444B-BC27-C32CA3E6665F}C:\program files\tiktok live studio\0.61.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.61.2\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{381F092E-13BF-49AE-B31B-DF713E59B53F}C:\users\ryakei\appdata\local\discord\app-1.0.9163\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9163\discord.exe => No File
FirewallRules: [UDP Query User{2C8D717F-DF1B-4BB2-8530-99409E7D0DF1}C:\users\ryakei\appdata\local\discord\app-1.0.9163\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9163\discord.exe => No File
FirewallRules: [TCP Query User{30EB4136-69B3-433B-BEBF-D2FA13CB6E72}C:\program files\tiktok live studio\0.63.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.63.0\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{72BAEB2E-43F3-4549-8CF8-2D8BE50DE4B5}C:\program files\tiktok live studio\0.63.0\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.63.0\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{790836F9-FB3E-4BAA-942C-2312D3D8153A}C:\program files\tiktok live studio\0.67.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.67.2\tiktok live studio.exe => No File
FirewallRules: [UDP Query User{BA765326-7083-4669-A76C-6584C59B62A3}C:\program files\tiktok live studio\0.67.2\tiktok live studio.exe] => (Allow) C:\program files\tiktok live studio\0.67.2\tiktok live studio.exe => No File
FirewallRules: [TCP Query User{279A0383-EED8-414C-B177-DF95FBFF9ECE}C:\users\ryakei\appdata\local\discord\app-1.0.9167\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9167\discord.exe => No File
FirewallRules: [UDP Query User{12DA2704-CFBC-4DED-B61B-8FEEB36F3025}C:\users\ryakei\appdata\local\discord\app-1.0.9167\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9167\discord.exe => No File
FirewallRules: [TCP Query User{0A0DDBD1-47A1-4E02-8611-800ED4FD123B}C:\users\ryakei\appdata\local\discord\app-1.0.9169\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9169\discord.exe => No File
FirewallRules: [UDP Query User{A60B8D32-7AA0-477D-BA31-86C04A76B74D}C:\users\ryakei\appdata\local\discord\app-1.0.9169\discord.exe] => (Allow) C:\users\ryakei\appdata\local\discord\app-1.0.9169\discord.exe => No File
FirewallRules: [{E960994D-147A-41F2-A4F2-A47E934AF1CA}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{D3889D26-61B1-4996-B322-7B3788512F7F}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [TCP Query User{5260CFB2-3352-47BE-A1B7-5509E4D8819F}D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe => No File
FirewallRules: [UDP Query User{2F53A262-62E9-4E8C-B15B-60C362DCD009}D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe => No File
FirewallRules: [TCP Query User{3281E60A-B9FF-49D5-A354-0DFE339B53E0}D:\steamlibrary\steamapps\common\stalcraft\bin_global\win64\java\bin\stalcraftw.exe] => (Allow) D:\steamlibrary\steamapps\common\stalcraft\bin_global\win64\java\bin\stalcraftw.exe => No File
FirewallRules: [UDP Query User{69A0DB94-B01D-41F9-8B74-E4DAE99C6615}D:\steamlibrary\steamapps\common\stalcraft\bin_global\win64\java\bin\stalcraftw.exe] => (Allow) D:\steamlibrary\steamapps\common\stalcraft\bin_global\win64\java\bin\stalcraftw.exe => No File
FirewallRules: [{F4DCE85F-0475-4405-A07F-1408EC99D2E4}] => (Block) D:\steamlibrary\steamapps\common\stalcraft\bin_global\win64\java\bin\stalcraftw.exe => No File
FirewallRules: [{9E72519F-51FC-44A8-926B-B45EB81F83ED}] => (Block) D:\steamlibrary\steamapps\common\stalcraft\bin_global\win64\java\bin\stalcraftw.exe => No File
FirewallRules: [TCP Query User{3505FEC5-6CDC-41FF-8E8A-5CF5F9158C80}C:\program files (x86)\steam\steamapps\common\ea sports fc 24\fc24.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [UDP Query User{2903D3D7-2ED9-47F6-9DB3-5A6F64D8F336}C:\program files (x86)\steam\steamapps\common\ea sports fc 24\fc24.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [{E85C835B-3FCF-4BF8-A93B-102FEC0778EB}] => (Block) C:\program files (x86)\steam\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [{EAC04E5F-51DE-4CF6-9B9F-7FF851C49F31}] => (Block) C:\program files (x86)\steam\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [TCP Query User{6EFD741C-B5F4-4A80-8F6E-992A9E800519}D:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) D:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [UDP Query User{C22A9816-BDD4-45DB-8861-61D25B993AA8}D:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe] => (Allow) D:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [{6EEBA191-07D4-45B7-A5A3-981EBA977DB6}] => (Block) D:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [{5C366F74-A124-457F-98AD-9FCCF19D0E7B}] => (Block) D:\worldwarz\en_us\client\bin\pc\wwzretailegs.exe => No File
FirewallRules: [TCP Query User{2ACDD589-4511-4110-9930-683E3E1F1117}C:\users\ryakei\appdata\local\medal\app-4.2699.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2699.0\medal.exe => No File
FirewallRules: [UDP Query User{A70400B4-AD73-4579-94EE-18A70DCE60AE}C:\users\ryakei\appdata\local\medal\app-4.2699.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2699.0\medal.exe => No File
FirewallRules: [{C883A87B-3B1D-4A5F-8CAF-FF0CE13C5771}] => (Block) C:\users\ryakei\appdata\local\medal\app-4.2699.0\medal.exe => No File
FirewallRules: [{5EF93ADE-0CD0-4445-A36B-367CB109D10D}] => (Block) C:\users\ryakei\appdata\local\medal\app-4.2699.0\medal.exe => No File
FirewallRules: [TCP Query User{271ADA82-7B57-4E96-810D-9906BDDDFE34}C:\users\ryakei\appdata\local\medal\app-4.2746.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2746.0\medal.exe => No File
FirewallRules: [UDP Query User{786F56BA-4AEA-4569-9D74-05A0A89E6435}C:\users\ryakei\appdata\local\medal\app-4.2746.0\medal.exe] => (Allow) C:\users\ryakei\appdata\local\medal\app-4.2746.0\medal.exe => No File
FirewallRules: [{A8572643-1267-46CF-9876-8B63AA3BA0A1}] => (Block) C:\users\ryakei\appdata\local\medal\app-4.2746.0\medal.exe => No File
FirewallRules: [{55C3C7AF-A1EC-467F-A18A-776CF8E234BC}] => (Block) C:\users\ryakei\appdata\local\medal\app-4.2746.0\medal.exe => No File
FirewallRules: [{4803BE68-BC97-4D03-BDC6-51B197DAA63C}] => (Allow) C:\Users\RyaKei\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{33AF97B7-0641-45C0-B456-29F594F2C5B2}] => (Allow) C:\Users\RyaKei\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{17DB389D-3B58-4136-8FDE-DDDB4513C4DD}] => (Allow) D:\SteamLibrary\steamapps\common\The Outlast Trials\TOTClient.exe => No File
FirewallRules: [{B7761C7D-3215-4435-A530-3AAD5C8519A5}] => (Allow) D:\SteamLibrary\steamapps\common\The Outlast Trials\TOTClient.exe => No File
FirewallRules: [TCP Query User{D007F89C-A56C-48A7-8EE3-5E61041A7B0F}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{5C240B57-960F-4FAA-94A1-613834F98973}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [{E2ACAEBD-92ED-47C9-AA75-6D6451339498}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{4BA5B45D-7AF9-42D2-87CC-9219644501BE}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [TCP Query User{13D4C4A6-EBAA-4082-A0A2-659C45574943}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{AE4E3DD2-A3B6-4125-AB61-EDB8B638E53F}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.328.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [{10229E2D-BE66-4E94-8655-B51044DFF2FA}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{5D4AD9DB-1872-4106-8E42-B62F816AA894}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{8D3E4617-D064-40A8-9403-80F84D245292}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{77F90495-E6EC-4B4C-8DFC-4F52D53D8774}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
HKU\S-1-5-21-1965057442-2014340265-585418409-1001\...\Run: [ProductAuthenticationService] => "C:\Users\RyaKei\AppData\Roaming\ProductAuthenticationService\pas.exe" /nogui (No File) <==== ATTENTION
HKU\S-1-5-21-1965057442-2014340265-585418409-1001\...\Run: [Discord] => "C:\Users\RyaKei\AppData\Local\Discord\Update.exe" --processStart Discord.exe (No File)
HKU\S-1-5-21-1965057442-2014340265-585418409-1001\...\Run: [RobloxPlayerBeta] => "C:\Users\RyaKei\AppData\Local\Roblox\Versions\version-689e359b09ad43b0\RobloxPlayerBeta.exe" --launch-to-tray (No File)
HKU\S-1-5-21-1965057442-2014340265-585418409-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\RyaKei\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
Task: {DF0AAFFA-0276-41D4-AE93-7997C22ED31F} - System32\Tasks\Opera scheduled Autoupdate 1598337469 => C:\Users\RyaKei\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys (No File)
2025-04-10 03:31 - 2025-04-10 03:31 - 000000048 ____R () C:\Users\RyaKei\AppData\Local\AFBA4C68DC963CADCA3B764F322A45B5
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {3728629D-289C-4121-A1EF-F48DD0FCE2D2} - System32\Tasks\Harbor John Chile 83139-409-1001 => C:\Users\RyaKei\AppData\Roaming\XuanZhi9\android_bug\59365f2da6e7ab0b788ce020133b3846\pythonw.exe [104280 2026-05-13] (Python Software Foundation -> Python Software Foundation) -> "C:\Users\RyaKei\AppData\Roaming\XuanZhi9\android_bug\59365f2da6e7ab0b788ce020133b3846\gamelan.py" <==== ATTENTION
C:\Users\RyaKei\AppData\Roaming\XuanZhi9\android_bug\59365f2da6e7ab0b788ce020133b3846
2026-04-29 23:30 - 2026-02-19 14:22 - 000000032 _____ C:\ProgramData\autobk.inc
2025-10-09 22:37 - 2025-10-09 22:37 - 084564824 _____ (now.gg, Inc.) C:\ProgramData\BlueStacksServicesSetup.exe
StartPowerShell:
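# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Note that the executable is about 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says.
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests.
# ---
# You can use the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument /quarantine="[folder]" to put found malware into quarantine, but I personally prefer first verifying the detections.
# ---
# Safety checks: the snippet stops if the download fails, if the downloaded file's Authenticode
# signature does not validate, or if the scanner binary does not appear within the time limit.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
$scanLog = "$frstPath\EEK_scan.log"
# -Force creates missing parent folders and does not fail when the folder already exists.
New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
# The progress bar slows large Invoke-WebRequest downloads considerably in Windows PowerShell.
$ProgressPreference = 'SilentlyContinue'
try {
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing -ErrorAction Stop
} catch {
# Without this, a failed download would fall through and run whatever EEK.exe a previous run left behind.
Write-Output "Error: EEK download failed: $($_.Exception.Message)"
exit
}
# The downloaded file is executed with the same rights as this script, so refuse to run it
# unless Windows reports a valid Authenticode signature.
$signature = Get-AuthenticodeSignature -FilePath $savePath
if ($signature.Status -ne 'Valid') {
Write-Output "Error: EEK.exe signature status is '$($signature.Status)'; the file was not executed"
exit
}
# A valid signature only proves that some trusted publisher signed the file; print the signer
# so that whoever reads the log can confirm it is the expected vendor.
Write-Output "EEK.exe signer: $($signature.SignerCertificate.Subject)"
# Pick the scanner that matches the OS before waiting, so the wait below watches the file that will actually be run.
if ([Environment]::Is64BitOperatingSystem) {
$a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
$a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
# Wait for the scanner to be extracted, but give up after 10 minutes instead of looping forever.
$deadline = (Get-Date).AddMinutes(10)
while (-not (Test-Path $a2cmdPath)) {
if ((Get-Date) -gt $deadline) {
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
Write-Output "Error: $a2cmdPath did not appear within 10 minutes; extraction failed or was blocked"
exit
}
Start-Sleep -Milliseconds 1000
}
# NOTE(review): the extractor is stopped as soon as a2cmd.exe exists; this presumably relies on
# the remaining EEK files already being in place at that point - confirm.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$scanLog`"" -Wait -NoNewWindow
if (Test-Path $scanLog) {
Get-Content $scanLog
} else {
Write-Output "Error: the scan did not produce $scanLog"
}
exit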
EndPowerShell:
StartPowerShell:
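# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console.
# Does not clean preinstalled objects, only PUP/Adware.
# If you would like to delete preinstalled objects, add the argument /preinstalled to the /clean argument.
# If you would like to only scan with it, change the argument from /clean to /scan.
# ---
# Safety checks: the snippet stops if the download fails or if the downloaded file's
# Authenticode signature does not validate, so a stale or tampered executable is never run.
$adwDir = "$env:SystemDrive\AdwCleaner"
$adwExe = "$adwDir\AdwCleanerFRST.exe"
$logFile = "$adwDir\AdwCleanerOutputFRST.txt"
New-Item -ItemType Directory -Force -Path $adwDir | Out-Null
try {
# -UseBasicParsing matches the other downloads in this fixlist and avoids depending on the Internet Explorer engine.
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile $adwExe -UseBasicParsing -ErrorAction Stop
} catch {
# Without this, a failed download would fall through and run whatever executable a previous run left behind.
Write-Output "Error: AdwCleaner download failed: $($_.Exception.Message)"
return
}
# The downloaded file is executed with the same rights as this script and is told to clean,
# so refuse to run it unless Windows reports a valid Authenticode signature.
$signature = Get-AuthenticodeSignature -FilePath $adwExe
if ($signature.Status -ne 'Valid') {
Write-Output "Error: AdwCleanerFRST.exe signature status is '$($signature.Status)'; the file was not executed"
return
}
# A valid signature only proves that some trusted publisher signed the file; print the signer
# so that whoever reads the log can confirm it is the expected vendor.
Write-Output "AdwCleanerFRST.exe signer: $($signature.SignerCertificate.Subject)"
# First run only passes /eula; the second run does the actual work.
Start-Process -FilePath $adwExe -ArgumentList "/eula" -Wait -WindowStyle Hidden
Start-Process -FilePath $adwExe -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
# The redirected output is read as UTF-16 and then discarded; only the console copy is kept.
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue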
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.