bleeping computer rootkit

  • Home
  • Q & A
  • Blog
  • Contact
This rootkit is know under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. Booting it up back in normal mode, however, and it's still really slow; sluggish startup and Task Manager reports 100% CPU anytime I open or refresh software. Total Virtual: 18265.61 MB HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" Description: The server {3C296D07-90AE-4FAC-86F9-65EAA8B82D22} did not register with DCOM within the required timeout. 2021-10-25 18:44 - 2021-10-25 18:44 - 000000000 ____D C:\Program Files\WhoCrashed Guest (S-1-5-21-1743480844-1970614667-1274377697-501 - Limited - Disabled) ==================== Internet (Whitelisted) ==================== MyPaint (HKLM\...\mypaint-w64) (Version: 2.0.1.g478280f2-1 - Martin Renold and the MyPaint Development Team) Description: The server {3C296D07-90AE-4FAC-86F9-65EAA8B82D22} did not register with DCOM within the required timeout. FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File] <==== ATTENTION 2021-11-02 15:36 - 2021-02-10 20:53 - 000000000 ____D C:\Users\racha\AppData\Roaming\Stems Aeon Timeline 2 (HKLM-x32\...\Aeon Timeline 2) (Version: 2.3.16 - Scribble Code) Description: The server {3C296D07-90AE-4FAC-86F9-65EAA8B82D22} did not register with DCOM within the required timeout. Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth)) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-14] (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{DF9BDF44-6C47-4986-B3D0-D02B59782835}C:\users\racha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\racha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5BB339F1-E8DA-441D-9BE6-3C0EC2F18FC8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe (SEGA EUROPE LIMITED -> ) 2021-10-27 20:47 - 2021-10-27 20:48 - 000000000 ____D C:\Users\racha\AppData\Local\replica-studios 2021-10-28 16:41 - 2021-10-28 16:41 - 000215552 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll 2021-10-24 17:54 - 2020-10-24 13:12 - 000000000 ____D C:\Users\racha\Zotero Scrivener (HKLM\...\Scrivener 3) (Version: 3.1.1.0 - Literature and Latte) RECsoprano Plug-in (HKLM\...\{DE038786-FE0B-45E4-9783-7C4C1D48B426}_is1) (Version: 2.0.1 - Tek'it Audio) A guide to rootkits describes what they are, how they work, how to build them, and how to detect them. Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) 2021-04-26 21:12 - 2021-05-13 20:16 - 000002547 _____ () C:\Users\racha\AppData\Local\krita-sysinfo.log Disk: 2 (Size: 931.5 GB) (Disk ID: FBED80C9) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) ==================== One month (created) (Whitelisted) ========= This is just after loading up Windows Explorer. This second edition of Security Complete is a one-of-a-kind book—valuable both for its broad content and its low price. 127.0.0.1 kubernetes.docker.internal HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "Chromium Updater" VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 2021-10-30 11:11 - 2013-01-31 14:26 - 000069016 _____ C:\Users\racha\KlinicSlabBold.otf Please copy and paste all logs into your post unless otherwise requested. Epson Software Updater (HKLM-x32\...\{7CC286A8-EEC5-491F-A4B5-02BD4E656BF6}) (Version: 4.6.2 - Seiko Epson Corporation) SST Surge (HKLM\...\650E559A-2F44-44FE-861F-4108AE4BC30E_is1) (Version: 1.7.1 - Surge Synth Team) ), Administrator (S-1-5-21-1743480844-1970614667-1274377697-500 - Administrator - Disabled), DefaultAccount (S-1-5-21-1743480844-1970614667-1274377697-503 - Limited - Disabled), Guest (S-1-5-21-1743480844-1970614667-1274377697-501 - Limited - Disabled), racha (S-1-5-21-1743480844-1970614667-1274377697-1001 - Administrator - Enabled) => C:\Users\racha, WDAGUtilityAccount (S-1-5-21-1743480844-1970614667-1274377697-504 - Limited - Disabled), ==================== Security Center ========================, AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}, AV: Kaspersky Security Cloud (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}, FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}, ==================== Installed Programs ======================, (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 14.1.0 - JPEXS) "Having been born a freeman, and for more than thirty years enjoyed the blessings of liberty in a free State—and having at the end of that time been kidnapped and sold into Slavery, where I remained, until happily rescued in the month of ... 2021-02-09 20:30 - 2021-10-05 17:07 - 000000535 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics Malwarebytes Anti-Rootkit is a free program that can be used to search for and remove rootkits from your computer. (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\135.4.4221\QtWebEngineProcess.exe <3> Celemony Melodyne 5 (HKLM\...\Melodyne 5_is1) (Version: 5.1.1 - Celemony) Anytype 0.15.12 (HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\{0d161061-aa21-525b-b3f0-649649058170}) (Version: 0.15.12 - Anytype) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] Microsoft Defender Antivirus scan has been stopped before completion. Locky Ransomware Information, Help Guide, and FAQ . Edited by RCLeahcar, 13 November 2021 - 06:26 AM. 2021-10-21 16:41 - 2020-12-18 19:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information To Tempt A Texan Neutron 3 Elements (HKLM-x32\...\Neutron 3 Elements) (Version: 3.1.1 - iZotope, Inc.) ਍ These are the cryptomixers hackers use to clean their ransoms 2021-11-14 16:46 - 2021-11-14 16:46 - 000113952 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys RootkitRevealer is a rootkit scanner from Microsoft Sysinternals. 2021-11-13 12:00 - 2021-06-18 18:03 - 000000000 ____D C:\Users\racha\AppData\Local\ElevatedDiagnostics 2021-11-14 11:55 - 2021-11-14 11:57 - 000000000 ____D C:\AdwCleaner AudioEase Speakersphone VST RTAS v1.03 (HKLM-x32\...\AudioEase Speakersphone VST RTAS_is1) (Version: - Audio Ease) ==================== Services (Whitelisted) =================== 2021-10-25 13:55 - 2021-10-25 13:55 - 002914035 _____ C:\Users\racha\Downloads\ProximaNova-www.Dfonts.org.zip Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) But these past couple days, I've noticed my speed dramatically decline. FirewallRules: [{7391BA82-51D0-4EB1-85C2-D0AB0DCCCD09}] => (Allow) D:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation) yWriter8 (HKLM-x32\...\yWriter8_is1) (Version: - Spacejock Software) Read our profile on United States government and media. ), Task: {02B7F759-6BCC-4762-A593-F8228FCA06B8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-04-23] (Kaspersky Lab JSC -> AO Kaspersky Lab), Task: {0B79A7A8-F69C-401D-A793-99E3B993682D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate, Task: {0DC61009-25F3-4252-97DF-17DB5885BF6D} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File), Task: {1556D8D4-B492-438B-A18D-F2B9C9E678EF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.), Task: {22B6F699-8753-4EE4-B401-181C1C4CAAFB} - System32\Tasks\VivaldiUpdateCheck-62bad5755d42e88a => C:\Users\racha\AppData\Local\Vivaldi\Application\update_notifier.exe [3044752 2021-11-08] (Vivaldi Technologies AS -> Vivaldi Technologies AS), Task: {31CA93A9-36CE-4E1F-AC6E-B2ED2B1302DD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21862256 2021-09-29] (Microsoft Corporation -> Microsoft Corporation), Task: {36DAFC01-A41A-4208-953A-025BC186122C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139136 2021-10-14] (Microsoft Corporation -> Microsoft Corporation), Task: {53445B4E-C80E-46F9-A820-8E7A6B3A0F90} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK, Task: {6160BA65-D1C4-4B9A-8746-2B94E7C45E99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21862256 2021-09-29] (Microsoft Corporation -> Microsoft Corporation), Task: {6BB68A47-EADF-459B-AF1D-AABD96E7AED1} - System32\Tasks\Start-SkyFonts-Service => D:\Program Files\Monotype\SkyFonts\Monotype.SkyFonts.Service.exe /S (No File), Task: {76B03C00-12C2-4BBD-8D6F-AECD7F98BB84} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7053720 2021-09-27] (Microsoft Corporation -> Microsoft Corporation), Task: {89B29D91-2F39-4D3A-9740-400A72065E01} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-03] (Mozilla Corporation -> Mozilla Foundation), Task: {8B795E1C-1257-42C9-933F-781173A142E1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-05-20] (Piriform Software Ltd -> Piriform), Task: {99C344FE-7178-424C-8441-31CC75DB4BD0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28158080 2021-05-20] (Piriform Software Ltd -> Piriform Software Ltd), Task: {9EFEFED0-4C93-4684-A9FC-5C09A23E2093} - System32\Tasks\Opera GX scheduled Autoupdate 1636290111 => C:\Users\racha\AppData\Local\Programs\Opera GX\launcher.exe [46162128 2021-11-04] (Opera Software AS -> Opera Software), Task: {A994F694-190A-4A61-8AB1-892D0C8C72C0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.), Task: {C79F171E-568E-4440-A444-94C6EBB8B663} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139136 2021-10-14] (Microsoft Corporation -> Microsoft Corporation), Task: {D8F5B999-6143-46A7-AD6B-717A0F031309} - System32\Tasks\EPSON XP-520 Series Update {DE6A08C1-609C-4D06-980F-B245DDEBB91B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION), Task: {F19B8092-83C5-4651-94F4-4BE15DCB7989} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7053720 2021-09-27] (Microsoft Corporation -> Microsoft Corporation), (If an entry is included in the fixlist, the task (.job) file will be moved. Microsoft Windows Desktop Runtime - 3.1.15 (x64) (HKLM-x32\...\{da7296c7-a45d-4214-8543-8bea9015e852}) (Version: 3.1.15.30014 - Microsoft Corporation) Malware Data Science: Attack Detection and Attribution iZotope Nectar 3 Elements (HKLM-x32\...\Nectar 3 Elements) (Version: 3.00 - iZotope, Inc.) Date: 2021-11-14 13:14:36 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021 Running from C:\Users\racha\Desktop FirewallRules: [{3E80F2DC-0C89-4FCE-9A4B-FA2401668626}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe (SEGA EUROPE LIMITED -> ) My computer uses 100% CPU at random times, though looking at the processes it doesn't really tell you what's using it. Microsoft Office LTSC Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Volume - en-us) (Version: 16.0.14332.20145 - Microsoft Corporation) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) This book will provide tips and tricks all along the kill chain of an attack, showing where hackers can have the upper hand in a live conflict and how defenders can outsmart them in this adversarial game of computer cat and mouse. (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe AdwCleaner detected one thing and took care of that. 2021-11-11 14:36 - 2021-11-11 14:36 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line) FirewallRules: [TCP Query User{57398369-3487-4FCA-9D0F-08B74DF29901}C:\users\racha\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\racha\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) 2021-08-07 18:08 - 2021-10-31 19:01 - 000000002 _____ () C:\Users\racha\AppData\Roaming\ExplorerFavorites.txt FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-23] (Oracle America, Inc. -> Oracle Corporation) Task: {9EFEFED0-4C93-4684-A9FC-5C09A23E2093} - System32\Tasks\Opera GX scheduled Autoupdate 1636290111 => C:\Users\racha\AppData\Local\Programs\Opera GX\launcher.exe [46162128 2021-11-04] (Opera Software AS -> Opera Software) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-10-24] (AVB Disc Soft, SIA -> Disc Soft Ltd) 2021-11-14 14:19 - 2021-06-17 17:30 - 000000000 ____D C:\ProgramData\Mozilla HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "Monotype SkyFonts Rack Up" Panda Anti-Rootkit is a free rootkit scanner from Panda Security. Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed] The file will not be moved unless listed separately. ========= bitsadmin /list /allusers ========= 2021-11-14 17:02 - 2021-06-05 12:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2021-11-08 18:16 - 2021-01-05 13:47 - 000000000 ____D C:\Users\racha\AppData\Roaming\UnityHub FirewallRules: [TCP Query User{7A50EBD1-93AC-441E-B8E4-A092130FA027}C:\program files\java\jdk-16.0.1\bin\javaw.exe] => (Allow) C:\program files\java\jdk-16.0.1\bin\javaw.exe Here is an example of Edge booting up. Path: FirewallRules: [{2AAF1283-9C50-4E98-BADB-B7C96BC3899E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Anodyne\Anodyne.exe () [File not signed] 2021-10-22 09:28 - 2021-10-22 09:28 - 000000837 _____ C:\Users\racha\Desktop\OpenMPT.lnk ==================== End of FRST.txt ========================ADDITION.TXT ), HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\VMware\VMware Player\bin\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Propellerhead Software\ReWire\;C:\Program Files\Common Files\Propellerhead Software\ReWire\;C:\Program Files\nodejs\;C:\Program Files\dotnet\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\, HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\Control Panel\Desktop\\Wallpaper -> c:\users\racha\downloads\cb16185160522824b72c0754776244b2_3353494747542547359.gif, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1), HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn), VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled), VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled), Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled), ==================== MSCONFIG/TASK MANAGER disabled items ==, HKLM\...\StartupApproved\StartupFolder: => "NIHardwareAccessibilityHelper.exe.lnk", HKLM\...\StartupApproved\Run: => "SecurityHealth", HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller", HKLM\...\StartupApproved\Run32: => "Genshin Impact_Launcher", HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData", HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData", HKLM\...\StartupApproved\Run32: => "RazerCortex", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\StartupFolder: => "KeyboardChatterBlocker.lnk", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\StartupFolder: => "SunsetScreen.lnk", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\StartupFolder: => "SunsetScreen.exe - Shortcut.lnk", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "OneDrive", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "Lync", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "Monotype SkyFonts Rack Up", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "Spotify", HKU\S-1-5-21-1743480844-1970614667-1274377697-1001\...\StartupApproved\Run: => "Chromium Updater", ==================== FirewallRules (Whitelisted) ================, FirewallRules: [UDP Query User{057C1DAB-ED96-4686-AC0F-ADA57A0611FA}C:\users\racha\appdata\local\replica-studios\app-0.0.27\replica-studios.exe] => (Allow) C:\users\racha\appdata\local\replica-studios\app-0.0.27\replica-studios.exe => No File, FirewallRules: [TCP Query User{89D1363E-A425-4A1B-A3D5-7B69FA169535}C:\users\racha\appdata\local\replica-studios\app-0.0.27\replica-studios.exe] => (Allow) C:\users\racha\appdata\local\replica-studios\app-0.0.27\replica-studios.exe => No File, FirewallRules: [UDP Query User{F8B94052-9181-4714-BB79-3C437AAA20C4}C:\users\racha\appdata\local\replica-studios\app-0.0.26\replica-studios.exe] => (Allow) C:\users\racha\appdata\local\replica-studios\app-0.0.26\replica-studios.exe => No File, FirewallRules: [TCP Query User{577D83F4-B2AC-4FB1-80DD-6D3F7B7EB5EA}C:\users\racha\appdata\local\replica-studios\app-0.0.26\replica-studios.exe] => (Allow) C:\users\racha\appdata\local\replica-studios\app-0.0.26\replica-studios.exe => No File, FirewallRules: [{5B8A8EF8-5EDD-479B-925E-46A7403A56D9}] => (Allow) C:\Users\racha\AppData\Roaming\Zoom\bin\airhost.exe => No File, FirewallRules: [{2418D558-50CD-4558-B98B-8E275078FB02}] => (Allow) C:\Users\racha\AppData\Roaming\Zoom\bin\airhost.exe => No File, FirewallRules: [{29AE5D68-DDA3-4C71-8BB6-94D1C57CBB5D}] => (Allow) C:\Users\racha\AppData\Roaming\Zoom\bin\Zoom.exe => No File, FirewallRules: [{E8DCCFB9-0B99-4597-9424-F73B805E75DF}] => (Allow) C:\Program Files\Firefox Nightly\firefox.exe => No File, FirewallRules: [{8AC66B3B-DEFD-487F-9A9B-E53A29790A10}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation), FirewallRules: [UDP Query User{094012A9-6B62-4E9C-A2BC-2FAE96DF8162}C:\users\racha\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\racha\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS), FirewallRules: [TCP Query User{57398369-3487-4FCA-9D0F-08B74DF29901}C:\users\racha\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\racha\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS), FirewallRules: [UDP Query User{784774F6-F445-4150-BD1A-9846EB4C3685}C:\users\racha\appdata\local\programs\opera gx\77.0.4054.257\opera.exe] => (Block) C:\users\racha\appdata\local\programs\opera gx\77.0.4054.257\opera.exe => No File, FirewallRules: [TCP Query User{7B22A13B-D99E-4670-9368-25364204DEF2}C:\users\racha\appdata\local\programs\opera gx\77.0.4054.257\opera.exe] => (Block) C:\users\racha\appdata\local\programs\opera gx\77.0.4054.257\opera.exe => No File, FirewallRules: [UDP Query User{7992E63F-7F08-41E0-9420-04312CD5EC94}D:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\genshin impact\genshin impact game\genshinimpact.exe (miHoYo Co.,Ltd.
Non Sandwich Lunches For Adults, Europcar Damage Waiver, Emerson College Sfs Portal, Pros And Cons Of Ballista Catapult, Healthcare Associates Of Texas Login, Wildwood Resort And Marina Menu,
bleeping computer rootkit 2021