Malware Log Analysis

shared / KaydaTheDerg

Start:: SystemRestore: On CreateRestorePoint: CloseProcesses: 2026-06-11 23:05 - 2026-06-13 06:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\InteractiveServices CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] 2026-06-11 22:48 - 2026-06-11 22:48 - 000000000 ____D C:\Users\GGPC\AppData\Roaming\RenPy CustomCLSID: HKU\S-1-5-21-3047939736-3148505240-1737133512-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> "C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-3047939736-3148505240-1737133512-1001_Classes\CLSID\{DE762367-85F7-4825-B53E-589B9C1109F3}\localserver32 -> "c:\program files\musehub\current\musehub.exe" ----AppNotificationActivated: => No File AlternateDataStreams: C:\Users\GGPC\Desktop\CreamInstaller 4.10.2.exe:MBAM.Zone.Identifier [233] AlternateDataStreams: C:\Users\GGPC\Desktop\CreamInstaller 4.10.2.exe:mshield [281] AlternateDataStreams: C:\Users\GGPC\Desktop\geek.exe:MBAM.Zone.Identifier [139] AlternateDataStreams: C:\Users\GGPC\Downloads\1.3-1021-1-3-1655706785.zip:shield [215] AlternateDataStreams: C:\Users\GGPC\Downloads\100 percent save-85-1-1708425963.zip:shield [235] AlternateDataStreams: C:\Users\GGPC\Downloads\1645168265239359490.mp4:shield [276] AlternateDataStreams: C:\Users\GGPC\Downloads\596.36-desktop-win10-win11-64bit-international-dch-whql.exe:MBAM.Zone.Identifier [178] AlternateDataStreams: C:\Users\GGPC\Downloads\596.36-desktop-win10-win11-64bit-international-dch-whql.exe:mshield [223] AlternateDataStreams: C:\Users\GGPC\Downloads\album_2024-08-23_20-15-02.gif:shield [112] AlternateDataStreams: C:\Users\GGPC\Downloads\C6993303A2FB33ABAC284BC9F0F861042E93BA65.torrent:shield [186] AlternateDataStreams: C:\Users\GGPC\Downloads\CoC2_Chrestine_0 (1).coc2:shield [107] AlternateDataStreams: C:\Users\GGPC\Downloads\CoC2_Chrestine_0.coc2:shield [103] AlternateDataStreams: C:\Users\GGPC\Downloads\CoC2_Kai_11.coc2:shield [98] AlternateDataStreams: 
C:\Users\GGPC\Downloads\data__.tsv:shield [88] AlternateDataStreams: C:\Users\GGPC\Downloads\Escape from Tarkov (Stable) [BSG-Rip] by Ksenia.torrent:shield [165] AlternateDataStreams: C:\Users\GGPC\Downloads\Extended Weapon Customization-277-2-01-1719583610.zip:shield [270] AlternateDataStreams: C:\Users\GGPC\Downloads\Giorma's Realistic Reshade 1.0-3-1-0-1725620687.zip:shield [276] AlternateDataStreams: C:\Users\GGPC\Downloads\half-life-2-death-sound.mp3:shield [153] AlternateDataStreams: C:\Users\GGPC\Downloads\half-life-crowbar.mp3:shield [141] AlternateDataStreams: C:\Users\GGPC\Downloads\half-life-donuts.mp3:shield [139] AlternateDataStreams: C:\Users\GGPC\Downloads\half-life-scientist-scream05.mp3:shield [163] AlternateDataStreams: C:\Users\GGPC\Downloads\IM BAACCCKKKKK.mp4:mshield [52] AlternateDataStreams: C:\Users\GGPC\Downloads\i_like_food_20240804_2_new.mp4:shield [290] AlternateDataStreams: C:\Users\GGPC\Downloads\Pack File Manager 4.1.2.zip:shield [197] AlternateDataStreams: C:\Users\GGPC\Downloads\ReDress-104-0-6-2-1729385540.zip:shield [224] AlternateDataStreams: C:\Users\GGPC\Downloads\RPReplay_Final1720981533.mov:shield [286] AlternateDataStreams: C:\Users\GGPC\Downloads\The best Save-4661-1-0-1723391652.rar:shield [249] AlternateDataStreams: C:\Users\GGPC\Downloads\Voice.ai-Downloader.exe:shield [154] AlternateDataStreams: C:\Users\GGPC\Downloads\Warhammer 40000 - Rogue Trader [FitGirl Repack].torrent:shield [149] AlternateDataStreams: C:\Users\GGPC\Downloads\Warhammer 40000 Rogue Trader (2023).torrent:shield [153] AlternateDataStreams: C:\Users\GGPC\Downloads\WeMod-Setup.exe:shield [111] AlternateDataStreams: C:\Users\GGPC\Downloads\Y2Mate.is_-_tau_vs_imperium_memefunny-evnXJTQkWFE-720p-1659546668591.mp4:shield [375] AlternateDataStreams: C:\Users\GGPC\Documents\eldenring_all-in-one_Hexinton-v4.04_ce7.5.CT:shield [318] FirewallRules: [{250CFBDA-AD1B-4F77-9831-A4ED3EAD4CC4}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe => No File FirewallRules: [{25D7D032-1EAA-4736-9FCC-F334B05B3D7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe => No File FirewallRules: [UDP Query User{3ED911D2-8ED3-4ED3-8C30-7EDFE866A8A1}C:\program files (x86)\steam\steamapps\common\medieval dynasty\medieval_dynasty\binaries\win64\medieval_dynasty-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\medieval dynasty\medieval_dynasty\binaries\win64\medieval_dynasty-win64-shipping.exe => No File FirewallRules: [TCP Query User{9E3D05DC-2635-475F-AE80-2B856997C9AE}C:\program files (x86)\steam\steamapps\common\medieval dynasty\medieval_dynasty\binaries\win64\medieval_dynasty-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\medieval dynasty\medieval_dynasty\binaries\win64\medieval_dynasty-win64-shipping.exe => No File FirewallRules: [UDP Query User{939CC2D6-D917-4671-B3FC-4F899EF1B462}C:\users\ggpc\appdata\local\wemod\app-9.21.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.21.0\wemod.exe => No File FirewallRules: [TCP Query User{C32FB66E-8EF0-4D77-AC20-282DD5A610F8}C:\users\ggpc\appdata\local\wemod\app-9.21.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.21.0\wemod.exe => No File FirewallRules: [UDP Query User{5AF0DA41-A30C-46DA-9446-E9E00FB4848E}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File FirewallRules: [TCP Query User{86ADA208-EB7A-4286-A7B7-5D8AFEFB9549}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File FirewallRules: [UDP Query User{EBEB5762-4588-46C6-A75D-69363ADB82FB}C:\users\ggpc\appdata\local\medal\app-4.2602.0\medal.exe] => (Allow) 
C:\users\ggpc\appdata\local\medal\app-4.2602.0\medal.exe => No File FirewallRules: [TCP Query User{D4B017AC-7195-4FAB-92B7-6B8DE849F37F}C:\users\ggpc\appdata\local\medal\app-4.2602.0\medal.exe] => (Allow) C:\users\ggpc\appdata\local\medal\app-4.2602.0\medal.exe => No File FirewallRules: [UDP Query User{30FFBC69-5FA2-4732-8D90-B137B0F33457}C:\users\ggpc\appdata\local\wemod\app-9.19.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.19.0\wemod.exe => No File FirewallRules: [TCP Query User{5AC0EE14-F0D5-47A5-9C90-3AABA50B5356}C:\users\ggpc\appdata\local\wemod\app-9.19.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.19.0\wemod.exe => No File FirewallRules: [UDP Query User{14171D36-5F46-496F-92C7-52DACE5F8C60}C:\users\ggpc\appdata\local\wemod\app-9.17.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.17.0\wemod.exe => No File FirewallRules: [TCP Query User{CFCD2A06-CB90-412E-BAED-1AC5B0BD7D95}C:\users\ggpc\appdata\local\wemod\app-9.17.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.17.0\wemod.exe => No File FirewallRules: [UDP Query User{4ABA9B0F-F556-4B27-9E6F-52D28F3D1100}C:\users\ggpc\appdata\local\wemod\app-9.16.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.16.0\wemod.exe => No File FirewallRules: [TCP Query User{0056F985-C414-4AB4-89A8-6E72CB4AF464}C:\users\ggpc\appdata\local\wemod\app-9.16.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.16.0\wemod.exe => No File FirewallRules: [UDP Query User{82C96351-E821-4857-AC13-D3EB3CB9B9E0}C:\users\ggpc\appdata\local\wemod\app-9.15.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.15.0\wemod.exe => No File FirewallRules: [TCP Query User{2A181A2A-F9AE-4B6D-8290-0853F6C25EC7}C:\users\ggpc\appdata\local\wemod\app-9.15.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.15.0\wemod.exe => No File FirewallRules: [UDP Query User{9A7BEAE9-5F32-411E-B7C7-A0D7A04DB09A}F:\steamlibrary\steamapps\common\star wars 
battlefront ii\starwarsbattlefrontii.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars battlefront ii\starwarsbattlefrontii.exe => No File FirewallRules: [TCP Query User{DC6F3D68-D6D0-41EF-85A9-CDF3178D45FF}F:\steamlibrary\steamapps\common\star wars battlefront ii\starwarsbattlefrontii.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars battlefront ii\starwarsbattlefrontii.exe => No File FirewallRules: [UDP Query User{7734F133-143D-458C-A966-F8A6C49FC879}F:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe => No File FirewallRules: [TCP Query User{D3663745-01E9-4870-8AC8-CD15899170D4}F:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\foxhole\war\binaries\win64\war-win64-shipping.exe => No File FirewallRules: [UDP Query User{C9F5FA0B-0789-4B29-BABA-B54DF54F8015}C:\users\ggpc\appdata\local\wemod\app-9.14.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.14.0\wemod.exe => No File FirewallRules: [TCP Query User{494EFC3D-B6C3-40D4-A99C-BEA4724F66AF}C:\users\ggpc\appdata\local\wemod\app-9.14.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.14.0\wemod.exe => No File FirewallRules: [UDP Query User{C1EDA6C8-832E-4117-B2CE-B3A7333EC8C5}C:\users\ggpc\appdata\local\wemod\app-9.12.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.12.0\wemod.exe => No File FirewallRules: [TCP Query User{26E7AFAB-C9A0-4DF0-ADBC-77552F140269}C:\users\ggpc\appdata\local\wemod\app-9.12.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.12.0\wemod.exe => No File FirewallRules: [UDP Query User{C02E233F-7FF5-4186-94AA-13A1EF8E79DD}F:\steamlibrary\steamapps\common\battlefield 1\bf1.exe] => (Allow) F:\steamlibrary\steamapps\common\battlefield 1\bf1.exe => No File FirewallRules: [TCP Query 
User{762F1920-2B7A-4D43-8F85-2B5F4CEA03C0}F:\steamlibrary\steamapps\common\battlefield 1\bf1.exe] => (Allow) F:\steamlibrary\steamapps\common\battlefield 1\bf1.exe => No File FirewallRules: [UDP Query User{88348A34-FE6E-4702-9C70-A937864C8E0A}C:\users\ggpc\appdata\local\wemod\app-9.10.7\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.7\wemod.exe => No File FirewallRules: [TCP Query User{4D8C93A2-0FA0-43E8-BFFD-044B3E1B7DD1}C:\users\ggpc\appdata\local\wemod\app-9.10.7\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.7\wemod.exe => No File FirewallRules: [UDP Query User{22C630AE-AF78-4572-B272-C095E6C265C8}F:\legally aqcuired demos\company of heroes 3\reliccoh3.exe] => (Block) F:\legally aqcuired demos\company of heroes 3\reliccoh3.exe => No File FirewallRules: [TCP Query User{32C9433E-B111-46E2-BA74-C51B541DD4D3}F:\legally aqcuired demos\company of heroes 3\reliccoh3.exe] => (Block) F:\legally aqcuired demos\company of heroes 3\reliccoh3.exe => No File FirewallRules: [UDP Query User{AC41EDCA-D924-472C-9E20-97FA1CCBCF4D}F:\steamlibrary\steamapps\common\voidtrain\voidtrain\binaries\win64\voidtrain-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\voidtrain\voidtrain\binaries\win64\voidtrain-win64-shipping.exe => No File FirewallRules: [TCP Query User{8379F9B0-71E3-4027-B070-B162B645D947}F:\steamlibrary\steamapps\common\voidtrain\voidtrain\binaries\win64\voidtrain-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\voidtrain\voidtrain\binaries\win64\voidtrain-win64-shipping.exe => No File FirewallRules: [UDP Query User{9C2BA6AC-0D4E-4AD6-BCD3-9C3FD277E2BF}F:\steamlibrary\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe => No File FirewallRules: [TCP Query 
User{6986FA22-3C6F-4E28-A438-22B72579E2E2}F:\steamlibrary\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\battlefleet gothic armada ii\battlefleetgothic2\binaries\win64\battlefleetgothic2-win64-shipping.exe => No File FirewallRules: [UDP Query User{B392088D-ABF4-4EF6-BAE1-20DF32CF29BB}C:\users\ggpc\appdata\local\wemod\app-9.10.6\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.6\wemod.exe => No File FirewallRules: [TCP Query User{1D6E665A-28FD-4018-9258-458949FA135F}C:\users\ggpc\appdata\local\wemod\app-9.10.6\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.6\wemod.exe => No File FirewallRules: [UDP Query User{0E4C0598-1688-40E1-B933-C1BBC884D8A0}C:\users\ggpc\appdata\local\wemod\app-9.10.5\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.5\wemod.exe => No File FirewallRules: [TCP Query User{8A37A63D-FFF6-4D64-ACF4-F061698BB2CA}C:\users\ggpc\appdata\local\wemod\app-9.10.5\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.5\wemod.exe => No File FirewallRules: [{8492CBCE-0242-446E-9424-9829B614C398}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlateUp\PlateUp\PlateUp.exe => No File FirewallRules: [{A9DDDEEE-5440-4313-B0BA-0DB7377FE846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlateUp\PlateUp\PlateUp.exe => No File FirewallRules: [UDP Query User{980303E1-84A6-4D01-B8FC-2EE554E47934}C:\users\ggpc\appdata\local\discord\app-1.0.9164\discord.exe] => (Allow) C:\users\ggpc\appdata\local\discord\app-1.0.9164\discord.exe => No File FirewallRules: [TCP Query User{A1203A38-646D-43FA-B4D9-86931C654D16}C:\users\ggpc\appdata\local\discord\app-1.0.9164\discord.exe] => (Allow) C:\users\ggpc\appdata\local\discord\app-1.0.9164\discord.exe => No File FirewallRules: [{D9CDFF7A-A81D-43E6-AB26-D5393D390D00}] => (Allow) F:\SteamLibrary\steamapps\common\Ready Or 
Not\Engine\Binaries\Win64\CrashReporter.exe => No File FirewallRules: [{FF680496-49FB-4DB1-8D5D-BBEEA3F984F6}] => (Allow) F:\SteamLibrary\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File FirewallRules: [{95D9A5FC-8EE5-4793-A314-6D22060CAFC9}] => (Allow) C:\Program Files\Streaming Assistant\driver\bin\win64\pico_et_ft_bt_bridge.exe => No File FirewallRules: [{FF5EFD29-67A3-4450-822B-5C554D5F1C5C}] => (Allow) C:\Program Files\Streaming Assistant\Streaming Assistant.exe => No File FirewallRules: [UDP Query User{05660B9B-0C5C-4586-912F-0D01381B21E7}C:\program files (x86)\steam\steamapps\common\the forever winter\windows\foreverwinter\binaries\win64\foreverwinter-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the forever winter\windows\foreverwinter\binaries\win64\foreverwinter-win64-shipping.exe => No File FirewallRules: [TCP Query User{6AE64B6C-759B-4BCE-AEFF-6FD2D66C12E3}C:\program files (x86)\steam\steamapps\common\the forever winter\windows\foreverwinter\binaries\win64\foreverwinter-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the forever winter\windows\foreverwinter\binaries\win64\foreverwinter-win64-shipping.exe => No File FirewallRules: [UDP Query User{0AEF20C8-FAB8-48CE-9568-1CA20C4DA2E1}C:\users\ggpc\appdata\local\wemod\app-9.10.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.0\wemod.exe => No File FirewallRules: [TCP Query User{D5CF34A4-DEAF-4F3F-9C79-F5A4D8AF01FF}C:\users\ggpc\appdata\local\wemod\app-9.10.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.10.0\wemod.exe => No File FirewallRules: [{F79DA510-075A-49C6-8C62-7458D3E8D3F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Marine 2\Warhammer 40000 Space Marine 2.exe => No File FirewallRules: [{5ABDCF49-5366-4BEF-94D7-7F65E4B20660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Marine 2\Warhammer 40000 Space Marine 2.exe => No File 
FirewallRules: [UDP Query User{17C3F8F8-3F22-49CD-A09F-8128D3143745}F:\legally aqcuired demos\warhammer 40,000 - rogue trader\wh40krt.exe] => (Block) F:\legally aqcuired demos\warhammer 40,000 - rogue trader\wh40krt.exe => No File FirewallRules: [TCP Query User{D0C4C510-4902-44B1-908B-046AE947D40C}F:\legally aqcuired demos\warhammer 40,000 - rogue trader\wh40krt.exe] => (Block) F:\legally aqcuired demos\warhammer 40,000 - rogue trader\wh40krt.exe => No File FirewallRules: [UDP Query User{143E0059-9EFB-496A-922D-712F46A01FA3}C:\users\ggpc\appdata\local\wemod\app-9.9.2\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.9.2\wemod.exe => No File FirewallRules: [TCP Query User{BE45E8AE-1015-4641-B5F8-9C081ABEFA8B}C:\users\ggpc\appdata\local\wemod\app-9.9.2\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.9.2\wemod.exe => No File FirewallRules: [UDP Query User{0FBE3809-4A0D-47C4-BE25-10D54C67B192}F:\legally aqcuired demos\warhammer 40,000 - space marine\spacemarine.exe] => (Block) F:\legally aqcuired demos\warhammer 40,000 - space marine\spacemarine.exe => No File FirewallRules: [TCP Query User{7357EF4A-E2E2-4DD3-B830-609AA13C8E7F}F:\legally aqcuired demos\warhammer 40,000 - space marine\spacemarine.exe] => (Block) F:\legally aqcuired demos\warhammer 40,000 - space marine\spacemarine.exe => No File FirewallRules: [UDP Query User{477E8DD2-06E8-424E-9353-A543ABE2D3C6}C:\users\ggpc\appdata\local\wemod\app-9.9.1\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.9.1\wemod.exe => No File FirewallRules: [TCP Query User{BD405267-BF35-4929-BBC2-68A6CDE6C2E4}C:\users\ggpc\appdata\local\wemod\app-9.9.1\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.9.1\wemod.exe => No File FirewallRules: [UDP Query User{7A453121-A50A-4AA1-AB82-58A5688B112C}C:\users\ggpc\desktop\no286\nuclear option\nuclearoption.exe] => (Allow) C:\users\ggpc\desktop\no286\nuclear option\nuclearoption.exe => No File FirewallRules: [TCP Query 
User{D83A7E36-C7DC-4254-A588-C59D1E4D0A1A}C:\users\ggpc\desktop\no286\nuclear option\nuclearoption.exe] => (Allow) C:\users\ggpc\desktop\no286\nuclear option\nuclearoption.exe => No File FirewallRules: [UDP Query User{A9488DD2-1561-4DCF-85E6-1BB20997A544}F:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) F:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File FirewallRules: [TCP Query User{BD761503-1ABF-431F-B5AF-89A46B45BABF}F:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) F:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe => No File FirewallRules: [UDP Query User{282C554D-7410-44AB-B42F-EC99B05DCF4F}C:\users\ggpc\desktop\some files\my summer car (wintechx release)\mysummercar.exe] => (Block) C:\users\ggpc\desktop\some files\my summer car (wintechx release)\mysummercar.exe => No File FirewallRules: [TCP Query User{2A664C6D-6D7C-4972-8DA4-C0B5757AFBE2}C:\users\ggpc\desktop\some files\my summer car (wintechx release)\mysummercar.exe] => (Block) C:\users\ggpc\desktop\some files\my summer car (wintechx release)\mysummercar.exe => No File FirewallRules: [UDP Query User{1CC2C151-9C19-43A6-B937-87A450A0492D}C:\users\ggpc\appdata\local\wemod\app-9.8.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.8.0\wemod.exe => No File FirewallRules: [TCP Query User{1386FD3A-7027-4294-B959-BE0099B6321E}C:\users\ggpc\appdata\local\wemod\app-9.8.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.8.0\wemod.exe => No File FirewallRules: [UDP Query User{27944C44-02A7-49F9-9F11-75F76AAD9992}C:\program files (x86)\steam\steamapps\common\hell let loose\hll\binaries\win64\hll-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hell let loose\hll\binaries\win64\hll-win64-shipping.exe => No File FirewallRules: [TCP Query User{49CEDDCD-71E9-4369-81D1-268C81B39C62}C:\program files (x86)\steam\steamapps\common\hell let 
loose\hll\binaries\win64\hll-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hell let loose\hll\binaries\win64\hll-win64-shipping.exe => No File FirewallRules: [{00CB163A-245E-4FCC-82DE-8574384534B4}] => (Allow) F:\SteamLibrary\steamapps\common\Enlisted\bpreport.exe => No File FirewallRules: [{02780E93-848F-4668-B9B7-6F020D54624B}] => (Allow) F:\SteamLibrary\steamapps\common\Enlisted\bpreport.exe => No File FirewallRules: [{6D55ACDE-F959-4207-963C-7240924CB091}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AoT2\Launcher.exe => No File FirewallRules: [{4ECE7430-B759-4FB3-8786-70068B7CA3E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AoT2\Launcher.exe => No File FirewallRules: [{33E180A0-361A-48C4-B7B6-6089310ED0AF}] => (Allow) F:\SteamLibrary\steamapps\common\Caliber\Caliber.exe => No File FirewallRules: [{DECC7533-A58A-48CA-A5C7-007971020EF2}] => (Allow) F:\SteamLibrary\steamapps\common\Caliber\Caliber.exe => No File FirewallRules: [UDP Query User{C6F47DB9-4E34-43B4-95AC-61A883CE24A2}F:\legally aqcuired demos\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe] => (Block) F:\legally aqcuired demos\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe => No File FirewallRules: [TCP Query User{64115BBD-A2DE-4045-8F12-6B46ECBDF389}F:\legally aqcuired demos\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe] => (Block) F:\legally aqcuired demos\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe => No File FirewallRules: [UDP Query User{8A529EAA-60AF-4B44-AB46-14353A46E9E1}F:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) F:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File FirewallRules: [TCP Query User{1D192CF6-42DC-4721-800D-9D99B1F61BD3}F:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) F:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File FirewallRules: [UDP 
Query User{8F14CF0E-98A7-4362-B0C3-37DB4D4FDCB6}F:\steamlibrary\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File FirewallRules: [TCP Query User{A5ED39C1-D234-401E-8DF9-7E223A4E1616}F:\steamlibrary\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) F:\steamlibrary\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File FirewallRules: [{45A626A8-4D72-44D6-A6D3-829104746AA3}] => (Allow) F:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin64.exe => No File FirewallRules: [{FB92F200-6C29-4E9F-92E4-3DA477764A42}] => (Allow) F:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin64.exe => No File FirewallRules: [{F438BE34-C92A-44D5-B67C-E5602E739CA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Manor Lords\ManorLords.exe => No File FirewallRules: [{2315B4AA-DDBF-43FA-8D80-D427457CFEB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Manor Lords\ManorLords.exe => No File FirewallRules: [UDP Query User{55D16BB7-485E-4597-B067-5F1BF9BB9A66}F:\steamlibrary\steamapps\common\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe => No File FirewallRules: [TCP Query User{8BBDB186-8FAB-404E-827D-9DC1BED2BB1F}F:\steamlibrary\steamapps\common\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\bellwright\bellwright\binaries\win64\bellwrightgame-win64-shipping.exe => No File FirewallRules: [{AF1F5AAE-1786-44B5-A2FA-C3676CC16F3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Isle\TheIsle.exe => No File FirewallRules: [{A6540525-A6B4-4AE5-8CA7-DAFA8E3B2CD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Isle\TheIsle.exe => No File FirewallRules: [{D46F187A-268B-43EB-BCD1-7801294062CD}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Infection Free Zone\Infection Free Zone.exe => No File FirewallRules: [{59897DC2-1D40-4E96-BF0B-4917D897C79B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Infection Free Zone\Infection Free Zone.exe => No File FirewallRules: [{5E40FFB4-640F-40DB-9F3F-A81A0AF3DC86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe => No File FirewallRules: [{464B6BE5-9A3C-4920-8E7E-129E3A862EEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe => No File FirewallRules: [{68E7D2E5-E96B-4EA4-ACBB-661DDCEF9669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe => No File FirewallRules: [{EA1E46BD-86F1-486A-B1A6-C620D1535343}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe => No File FirewallRules: [UDP Query User{CD730D1F-FF75-4835-AFBD-6EAB6D9BBB22}D:\pirated games\quasimorph.v0.6\quasimorph.v0.6\quasimorph.exe] => (Block) D:\pirated games\quasimorph.v0.6\quasimorph.v0.6\quasimorph.exe => No File FirewallRules: [TCP Query User{3D155A0F-9F90-4A1B-A114-A90BCEAA52EC}D:\pirated games\quasimorph.v0.6\quasimorph.v0.6\quasimorph.exe] => (Block) D:\pirated games\quasimorph.v0.6\quasimorph.v0.6\quasimorph.exe => No File FirewallRules: [{C39D3080-6F26-41C0-979C-985A93629988}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe => No File FirewallRules: [{EA59DD87-C348-40C5-80C3-DCC42015FF60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe => No File FirewallRules: [UDP Query User{F9826326-ACC1-4C7F-8D99-30DA83BC5BE5}F:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe] => (Allow) F:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe => No File FirewallRules: [TCP Query User{E99D9868-BCD6-46A7-9DC8-BE8098F1BE34}F:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe] => (Allow) 
F:\steamlibrary\steamapps\common\avorion\bin\avorionserver.exe => No File FirewallRules: [{7648FCF5-5E0C-4F22-BDFF-78C71E3BAC5A}] => (Allow) D:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe => No File FirewallRules: [{8A081DA7-299D-4FFE-B919-F353BB2FA97C}] => (Allow) D:\SteamLibrary\steamapps\common\Avorion\bin\Avorion.exe => No File FirewallRules: [{AB0D1A66-62F0-447F-9B09-ED9F7379EB71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe => No File FirewallRules: [{E75578A4-D528-48F9-ADBF-EE94D5AAB91F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sons Of The Forest\SonsOfTheForest.exe => No File FirewallRules: [UDP Query User{DE47EE1A-3A20-4070-BE52-6D31F04757A7}F:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) F:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe => No File FirewallRules: [TCP Query User{3F9590E9-6F59-4131-9F1E-F4C799B64C4B}F:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe] => (Allow) F:\steamlibrary\steamapps\common\arma 3\arma3_x64.exe => No File FirewallRules: [{76E82707-4864-4E41-8935-581C9316A22B}] => (Allow) F:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File FirewallRules: [{DFB944DA-3334-4623-B963-F49BE7996B08}] => (Allow) F:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File FirewallRules: [{74276856-D220-4CD3-A9BC-704F98AC13F0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{63060A72-55A5-43C1-9D50-FB2F0F79031E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{19785E98-F5D6-4699-B536-7A58335DF7F8}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe => No File FirewallRules: [{755F5C7B-D3EE-4533-99AF-0E93EC7EA067}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe => No File FirewallRules: [TCP Query 
User{330C8D4B-F3BC-4574-B253-D6C86586C5DB}C:\users\ggpc\appdata\local\wemod\app-9.22.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.22.0\wemod.exe => No File FirewallRules: [UDP Query User{CD358721-3422-44C0-A4DA-D7E8A5ABA718}C:\users\ggpc\appdata\local\wemod\app-9.22.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-9.22.0\wemod.exe => No File FirewallRules: [TCP Query User{F7473A13-85F3-428D-A992-1A310CEDE005}C:\program files (x86)\steam\steamapps\common\mordhau dedicated server\mordhau\binaries\win64\mordhauserver-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mordhau dedicated server\mordhau\binaries\win64\mordhauserver-win64-shipping.exe => No File FirewallRules: [UDP Query User{ED937521-B697-4376-9C9E-302C6B1FB05B}C:\program files (x86)\steam\steamapps\common\mordhau dedicated server\mordhau\binaries\win64\mordhauserver-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mordhau dedicated server\mordhau\binaries\win64\mordhauserver-win64-shipping.exe => No File FirewallRules: [TCP Query User{E4E5FD57-A912-4730-BA9C-F3786725931B}F:\steamlibrary\steamapps\common\a game about digging a hole\digginggame\binaries\win64\digginggame.exe] => (Allow) F:\steamlibrary\steamapps\common\a game about digging a hole\digginggame\binaries\win64\digginggame.exe => No File FirewallRules: [UDP Query User{2F4A280A-4499-4482-B014-1B975181755D}F:\steamlibrary\steamapps\common\a game about digging a hole\digginggame\binaries\win64\digginggame.exe] => (Allow) F:\steamlibrary\steamapps\common\a game about digging a hole\digginggame\binaries\win64\digginggame.exe => No File FirewallRules: [TCP Query User{A75C6D50-EEFD-43AA-9400-B1EEE390B1DF}F:\legally aqcuired demos\kdc2\bin\win64mastermastersteampgo\kingdomcome.exe] => (Block) F:\legally aqcuired demos\kdc2\bin\win64mastermastersteampgo\kingdomcome.exe => No File FirewallRules: [UDP Query User{BB76F924-198F-4B5E-8FFE-059D990D8153}F:\legally aqcuired 
demos\kdc2\bin\win64mastermastersteampgo\kingdomcome.exe] => (Block) F:\legally aqcuired demos\kdc2\bin\win64mastermastersteampgo\kingdomcome.exe => No File
FirewallRules: [{32326AEC-FFE8-428D-BC43-7B02E3E4D99A}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{C745B6E1-4DBC-4913-A118-F442339D5AD6}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{186E7883-660F-41DA-BB84-62F4FAF427E2}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{6705FAB9-FDCE-42B6-931A-15F271000BC4}] => (Allow) F:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [TCP Query User{B666CF74-5C58-46AF-B88A-F0DAD4782BBB}C:\users\ggpc\appdata\local\wemod\app-10.2.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.2.0\wemod.exe => No File
FirewallRules: [UDP Query User{2FB931A7-3A6C-48E2-B887-2CCDD3AA3C0F}C:\users\ggpc\appdata\local\wemod\app-10.2.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.2.0\wemod.exe => No File
FirewallRules: [TCP Query User{52482DCC-21E4-4A65-ADB6-D58B29FC49E3}C:\users\ggpc\appdata\local\wemod\app-10.3.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.3.0\wemod.exe => No File
FirewallRules: [UDP Query User{6C95BEB0-32C9-4C9B-9ECF-B42921393865}C:\users\ggpc\appdata\local\wemod\app-10.3.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.3.0\wemod.exe => No File
FirewallRules: [TCP Query User{21792500-B081-4560-ADE4-79812A583B2E}C:\users\ggpc\downloads\motor.town.behind.the.wheel.build.17136841\motor.town.behind.the.wheel.build.17136841\motortown\binaries\win64\motortown-win64-shipping.exe] => (Allow) C:\users\ggpc\downloads\motor.town.behind.the.wheel.build.17136841\motor.town.behind.the.wheel.build.17136841\motortown\binaries\win64\motortown-win64-shipping.exe => No File
FirewallRules: [UDP Query User{46298755-E0D4-4677-B841-1DA7E340B3FC}C:\users\ggpc\downloads\motor.town.behind.the.wheel.build.17136841\motor.town.behind.the.wheel.build.17136841\motortown\binaries\win64\motortown-win64-shipping.exe] => (Allow) C:\users\ggpc\downloads\motor.town.behind.the.wheel.build.17136841\motor.town.behind.the.wheel.build.17136841\motortown\binaries\win64\motortown-win64-shipping.exe => No File
FirewallRules: [{A90EE1B5-6CED-4801-B6A2-B69A7BF3ACD3}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{F579A700-DE7F-4D8F-A634-03B993FE0F47}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{1BD6B47C-33DC-44C3-A721-14D857B5AC17}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{2EDCA804-468E-433A-88E0-A5A4C3BB7272}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{D2516738-D9AC-4FAB-BD55-4CC9778A4282}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{60A30B17-D642-47D2-B77B-860116B4F5DD}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{26D541F4-967E-47C1-9AAE-FE96CA40A9AD}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{647FD6A4-3865-423D-AEAE-478EE380D3EC}] => (Allow) F:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [TCP Query User{E6D2FE44-3AE5-496D-A957-48E51E799CE1}C:\users\ggpc\appdata\local\wemod\app-10.4.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.4.0\wemod.exe => No File
FirewallRules: [UDP Query User{8618127A-ED1B-499D-BA60-435AD9F84848}C:\users\ggpc\appdata\local\wemod\app-10.4.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.4.0\wemod.exe => No File
FirewallRules: [{97937CD9-88A7-48C6-9806-91F0BA071712}] => (Allow) F:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{7E5CC954-2A18-45B4-B1A2-FDCC53581B6B}] => (Allow) F:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [TCP Query User{2080E220-CDEA-45B3-904B-D428C4FDC6F7}F:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) F:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [UDP Query User{25A467A5-2B20-4CC5-9766-353BE877E494}F:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) F:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File
FirewallRules: [TCP Query User{E0C65BC5-3EB2-4DA4-B332-1D82E1B8670E}F:\legally aqcuired demos\wilding\tom clancy's ghost recon. wildlands\grw.exe] => (Block) F:\legally aqcuired demos\wilding\tom clancy's ghost recon. wildlands\grw.exe => No File
FirewallRules: [UDP Query User{73815C0E-B7F5-4DE8-8C89-9F22A5908D49}F:\legally aqcuired demos\wilding\tom clancy's ghost recon. wildlands\grw.exe] => (Block) F:\legally aqcuired demos\wilding\tom clancy's ghost recon. wildlands\grw.exe => No File
FirewallRules: [TCP Query User{AB26CFF3-073A-4D04-875F-598E7B348610}F:\legally aqcuired demos\sons of val\sov.exe] => (Block) F:\legally aqcuired demos\sons of val\sov.exe => No File
FirewallRules: [UDP Query User{C9FD4727-A89F-498C-B509-D684758882CE}F:\legally aqcuired demos\sons of val\sov.exe] => (Block) F:\legally aqcuired demos\sons of val\sov.exe => No File
FirewallRules: [TCP Query User{8BDE3138-5173-465B-A5E5-8194BD8FAC91}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{BD3764EF-C2E2-422D-BFC3-A164063092AB}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [TCP Query User{61368114-76B9-425A-B3AE-500A370C9810}C:\users\ggpc\appdata\local\wemod\app-10.12.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.12.0\wemod.exe => No File
FirewallRules: [UDP Query User{FA3762DD-62AE-4570-A92C-7CDF626AF7F3}C:\users\ggpc\appdata\local\wemod\app-10.12.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.12.0\wemod.exe => No File
FirewallRules: [TCP Query User{F8912BE2-A0A9-4F6D-BFBC-734DD08F3416}C:\users\ggpc\appdata\local\wemod\app-10.14.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.14.0\wemod.exe => No File
FirewallRules: [UDP Query User{740E4957-E922-43D3-8798-12448E02E84E}C:\users\ggpc\appdata\local\wemod\app-10.14.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.14.0\wemod.exe => No File
FirewallRules: [TCP Query User{79516AB1-DD57-4D7D-A548-6ADC1205CE49}C:\users\ggpc\appdata\local\wemod\app-10.15.0\wemod.exe] => (Allow) C:\users\ggpc\appdata\local\wemod\app-10.15.0\wemod.exe => No File
FirewallRules: [UDP Query User{53E851F4-6E7A-403E-84D4-4B4917B08736}C:\users\ggpc\appdata\local\wemod\app-10.15.0\wemod.exe] => (Allow) C:\users\ggpc\appdata\local\wemod\app-10.15.0\wemod.exe => No File
FirewallRules: [TCP Query User{62EF9303-BE95-4E0A-87A0-6B44FE71CB32}C:\users\ggpc\appdata\local\wemod\app-10.16.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.16.0\wemod.exe => No File
FirewallRules: [UDP Query User{77631245-EA50-4647-A295-4CD36BDED039}C:\users\ggpc\appdata\local\wemod\app-10.16.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.16.0\wemod.exe => No File
FirewallRules: [TCP Query User{410F9775-9275-400C-99E4-15CEAAD052B6}C:\users\ggpc\appdata\local\wemod\app-10.17.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.17.0\wemod.exe => No File
FirewallRules: [UDP Query User{F5406573-96E8-446D-8E52-4A49B4B5A04F}C:\users\ggpc\appdata\local\wemod\app-10.17.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.17.0\wemod.exe => No File
FirewallRules: [TCP Query User{3C017928-4C4D-41A1-89C9-B5BD5D27E4E7}C:\users\ggpc\appdata\local\wemod\app-10.18.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.18.0\wemod.exe => No File
FirewallRules: [UDP Query User{A48F7C01-A7AC-4E6C-8746-4035C50A49C4}C:\users\ggpc\appdata\local\wemod\app-10.18.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-10.18.0\wemod.exe => No File
FirewallRules: [TCP Query User{E10D5BAB-6FA0-4A51-AA15-FE69FF625CBC}C:\users\ggpc\appdata\local\wemod\app-11.0.2\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-11.0.2\wemod.exe => No File
FirewallRules: [UDP Query User{6A287182-BA5E-4FF2-B3BB-898629580175}C:\users\ggpc\appdata\local\wemod\app-11.0.2\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-11.0.2\wemod.exe => No File
FirewallRules: [TCP Query User{8D7B5D1B-D27A-4F04-8251-CD155FD6E180}C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [UDP Query User{D4319499-8874-4159-9FD6-99471323F544}C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\glacier events\bf6event.exe => No File
FirewallRules: [TCP Query User{212F5D32-A5B1-48FF-84F3-D55B7C58026F}C:\users\ggpc\appdata\local\wemod\app-11.4.2\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-11.4.2\wemod.exe => No File
FirewallRules: [UDP Query User{8066CF55-6936-422D-92F6-0E1135039536}C:\users\ggpc\appdata\local\wemod\app-11.4.2\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-11.4.2\wemod.exe => No File
FirewallRules: [TCP Query User{C01C9A7C-91C0-428E-9683-2C784B417ADF}C:\users\ggpc\appdata\local\wemod\app-11.5.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-11.5.0\wemod.exe => No File
FirewallRules: [UDP Query User{CA45EB48-E5D7-46FF-BCAE-596A45C15F32}C:\users\ggpc\appdata\local\wemod\app-11.5.0\wemod.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-11.5.0\wemod.exe => No File
FirewallRules: [{6E39C847-243F-4A39-93FB-145998E14E9F}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe => No File
FirewallRules: [{20D15351-F6F6-47CA-A491-B3E630AF0CA1}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe => No File
FirewallRules: [{A1F36A98-B746-42BC-B835-8DA0723338AB}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\UDKLift.exe => No File
FirewallRules: [{5C3CB5EC-681F-457A-AF6A-E8F4BE2A0840}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\UDKLift.exe => No File
FirewallRules: [{62870133-E859-4E71-95DE-60CED85A0BB4}] => (Allow) F:\SteamLibrary\steamapps\common\5K\WindowsNoEditor\Pandemic.exe => No File
FirewallRules: [{0A3237AA-468D-45C6-B452-38F85CF61FAF}] => (Allow) F:\SteamLibrary\steamapps\common\5K\WindowsNoEditor\Pandemic.exe => No File
FirewallRules: [TCP Query User{13308797-3FEB-48CE-9399-4BEA827A2334}F:\steamlibrary\steamapps\common\5k\windowsnoeditor\pandemic\binaries\win64\pandemic.exe] => (Allow) F:\steamlibrary\steamapps\common\5k\windowsnoeditor\pandemic\binaries\win64\pandemic.exe => No File
FirewallRules: [UDP Query User{0E93564E-4496-48E0-9F9E-461324029CC4}F:\steamlibrary\steamapps\common\5k\windowsnoeditor\pandemic\binaries\win64\pandemic.exe] => (Allow) F:\steamlibrary\steamapps\common\5k\windowsnoeditor\pandemic\binaries\win64\pandemic.exe => No File
FirewallRules: [TCP Query User{7448331C-3F44-4C25-B7D9-9872A19DDBD6}C:\users\ggpc\appdata\local\wemod\app-12.3.0\wand.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-12.3.0\wand.exe => No File
FirewallRules: [UDP Query User{38591724-E6EE-4B68-ACB3-6C4C8DA67B84}C:\users\ggpc\appdata\local\wemod\app-12.3.0\wand.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-12.3.0\wand.exe => No File
FirewallRules: [TCP Query User{5C6B8094-43C2-4C45-8B66-F4CC1526A5AC}C:\program files (x86)\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe => No File
FirewallRules: [UDP Query User{DB81152E-920A-4F86-A84E-58D6CE06410A}C:\program files (x86)\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe => No File
FirewallRules: [TCP Query User{333AA919-F0C4-4986-ACBB-EFD99A0D4B31}C:\users\ggpc\desktop\gooner game\anthroheat.exe] => (Block) C:\users\ggpc\desktop\gooner game\anthroheat.exe => No File
FirewallRules: [UDP Query User{EC3185CD-AB42-45C7-8B38-8C59E0C64492}C:\users\ggpc\desktop\gooner game\anthroheat.exe] => (Block) C:\users\ggpc\desktop\gooner game\anthroheat.exe => No File
FirewallRules: [TCP Query User{1343A784-648F-422F-97D8-903017932AD7}C:\users\ggpc\appdata\local\wemod\app-12.6.0\wand.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-12.6.0\wand.exe => No File
FirewallRules: [UDP Query User{7CD433AE-17A4-4987-8179-F398E7F911CB}C:\users\ggpc\appdata\local\wemod\app-12.6.0\wand.exe] => (Block) C:\users\ggpc\appdata\local\wemod\app-12.6.0\wand.exe => No File
FirewallRules: [TCP Query User{920818D9-7263-4DB9-9C82-3F54D00D143C}F:\legally aqcuired demos\climbing\cairn.exe] => (Block) F:\legally aqcuired demos\climbing\cairn.exe => No File
FirewallRules: [UDP Query User{B8E06D63-65B0-4A83-9BFE-7C68F07D88DD}F:\legally aqcuired demos\climbing\cairn.exe] => (Block) F:\legally aqcuired demos\climbing\cairn.exe => No File
FirewallRules: [{DCB5E8BD-C539-4036-AEF2-E2B03AA4432D}] => (Allow) D:\SteamLibrary\steamapps\common\Train Goes Right Demo\TrainGoesRight.exe => No File
FirewallRules: [{7247E9DE-896D-4288-B9F4-DF0829A14D31}] => (Allow) D:\SteamLibrary\steamapps\common\Train Goes Right Demo\TrainGoesRight.exe => No File
FirewallRules: [{43EED9A1-1F9D-4429-8BC2-82875FB3F077}] => (Allow) F:\SteamLibrary\steamapps\common\They Killed Your Cat\They Killed Your Cat\They Killed Your Cat.exe => No File
FirewallRules: [{B95A786D-CD3D-4E4E-BC46-3C71125DE5E3}] => (Allow) F:\SteamLibrary\steamapps\common\They Killed Your Cat\They Killed Your Cat\They Killed Your Cat.exe => No File
FirewallRules: [{F3B82C3B-F84D-4091-9299-962EBD0D4E08}] => (Allow) F:\SteamLibrary\steamapps\common\ThereAreNoOrcsDemo\ThereAreNoOrcsDemo\There are no Orcs.exe => No File
FirewallRules: [{DDCF7044-612F-45D0-9FCF-2A16AAA50186}] => (Allow) F:\SteamLibrary\steamapps\common\ThereAreNoOrcsDemo\ThereAreNoOrcsDemo\There are no Orcs.exe => No File
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
U2 DriverUpdSvc.exe; no ImagePath
U2 TuneupSvc.exe; no ImagePath
2026-06-18 17:42 - 2025-06-30 18:39 - 000000130 _____ C:\Users\GGPC\AppData\LocalLow\308fd1f7acc018ce199c1284859b82c6857bc2f321f233d0686d253502588fb8
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-3047939736-3148505240-1737133512-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
C:\Users\GGPC\Downloads\X4_dlc.7z_Archive_latest_4178
File: C:\Users\GGPC\Downloads\setup.py
File: C:\Users\GGPC\Downloads\Setup.exe
Folder: C:\Users\GGPC\AppData\Local\NomNom
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Verify that Discord does not have any injected code to intercept personal data. If anything is prompted here, it needs to be checked that it isn't malicious code.
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Comment: Remove unwanted files from common folders using native removal power of Farbar to include remove on reboot if needed. Please double check the user does not have any applications incorrectly installed in the directories listed below.
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\ProgramData\*.rar
C:\ProgramData\*.7z
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\*\AppData\Roaming\*.rar
C:\Users\*\AppData\Roaming\*.7z
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Local\*.rar
C:\Users\CurrentUserName\AppData\Local\*.7z
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.rar
C:\Users\CurrentUserName\AppData\Roaming\*.7z
Comment: Force policy removal
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
Comment: System repair commands
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
Comment: Network reset commands
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
Comment: Additional temp file removal
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::