CloseProcesses:
CreateRestorePoint:
EmptyTemp:
( ) C:\Users\User\AppData\Roaming\u4d03xqb0rd\ikdakswzg3j.exe
(4T36PKJY) C:\Program Files\YYRWNHMXPY\YYRWNHMXP.exe
(4T36PKJY) C:\Program Files\9L4D6GII1W\9L4D6GII1.exe
( ) C:\Users\User\AppData\Roaming\uodzpmb4gch\4l5ycuey1zz.exe
() C:\Users\User\AppData\Local\Temp\is-3P5T9.tmp\ikdakswzg3j.tmp
(4T36PKJY) C:\Program Files\9UPZRTAXDR\3867JX0G7.exe
( ) C:\Users\User\AppData\Roaming\rivmrgglst3\fenf5cbh12v.exe
() C:\Users\User\AppData\Local\Temp\is-BD2F8.tmp\4l5ycuey1zz.tmp
() C:\Users\User\AppData\Roaming\App.exe
() C:\Users\User\AppData\Local\Temp\is-GHJ8K.tmp\fenf5cbh12v.tmp
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\User\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-08-19] (Epic Privacy Browser)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [9854245] => C:\Users\User\AppData\Roaming\u4d03xqb0rd\ikdakswzg3j.exe [1274011 2019-01-16] ( )
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [AA73GF6JH0EEX4B] => C:\Program Files\YYRWNHMXPY\YYRWNHMXP.exe [925696 2019-01-16] (4T36PKJY)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [TH5L4U552BEUFBU] => C:\Program Files\9L4D6GII1W\9L4D6GII1.exe [925696 2019-01-16] (4T36PKJY)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [1788524] => C:\Users\User\AppData\Roaming\uodzpmb4gch\4l5ycuey1zz.exe [1274011 2019-01-16] ( )
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [MNA0CYGLTS33F82] => C:\Program Files\9UPZRTAXDR\3867JX0G7.exe [925696 2019-01-16] (4T36PKJY)
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\Run: [4389267] => C:\Users\User\AppData\Roaming\rivmrgglst3\fenf5cbh12v.exe [1274011 2019-01-16] ( )
HKU\S-1-5-21-2765039487-2702460980-1030939640-1000\...\RunOnce: [App] => C:\Users\User\AppData\Roaming\App.exe [595456 2019-01-16] ()
Tcpip\..\Interfaces\{7D59FF45-F2FF-4ED2-BCFD-5EAEC4F25645}: [DhcpNameServer] 31.11.202.254 37.8.214.2
2019-01-16 20:59 - 2019-01-16 20:59 - 000000008 __RSH C:\Users\User\ntuser.pol
2019-01-16 20:59 - 2019-01-16 20:59 - 000000008 __RSH C:\ProgramData\ntuser.pol
2019-01-16 20:49 - 2019-01-16 20:49 - 000000000 ____D C:\Users\User\AppData\Roaming\rivmrgglst3
2019-01-16 20:49 - 2019-01-16 20:49 - 000000000 ____D C:\Program Files\9UPZRTAXDR
2019-01-16 16:01 - 2019-01-16 16:01 - 000000000 ____D C:\Users\User\AppData\Roaming\uodzpmb4gch
2019-01-16 16:01 - 2019-01-16 16:01 - 000000000 ____D C:\Program Files\9L4D6GII1W
2019-01-16 15:21 - 2019-01-16 15:21 - 000595456 _____ C:\Users\User\AppData\Roaming\App.exe
2019-01-16 15:21 - 2019-01-16 15:21 - 000000000 ____D C:\Users\User\AppData\Roaming\u4d03xqb0rd
2019-01-16 15:21 - 2019-01-16 15:21 - 000000000 ____D C:\Program Files\YYRWNHMXPY
2019-01-15 23:21 - 2019-01-15 23:21 - 000000000 ____D C:\Users\User\AppData\Roaming\EpicNet Inc
2019-01-15 23:19 - 2019-01-15 23:19 - 000621928 _____ (VideoDriver) C:\Windows\72DC5DA98E53.sys
2019-01-16 15:21 - 2019-01-16 15:21 - 000595456 _____ () C:\Users\User\AppData\Roaming\App.exe
2019-01-16 21:07 - 2019-01-16 21:07 - 000730112 _____ () C:\Users\User\AppData\Local\Temp\is-3P5T9.tmp\ikdakswzg3j.tmp
2019-01-16 21:07 - 2019-01-16 21:07 - 000730112 _____ () C:\Users\User\AppData\Local\Temp\is-BD2F8.tmp\4l5ycuey1zz.tmp
2019-01-16 15:21 - 2019-01-16 15:21 - 000595456 _____ () C:\Users\User\AppData\Roaming\App.exe
2019-01-16 21:07 - 2019-01-16 21:07 - 000730112 _____ () C:\Users\User\AppData\Local\Temp\is-GHJ8K.tmp\fenf5cbh12v.tmp
2019-01-16 21:07 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\User\AppData\Local\Temp\is-P0IB2.tmp\itdownload.dll
2019-01-16 21:07 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\User\AppData\Local\Temp\is-P0IB0.tmp\itdownload.dll
2019-01-16 21:07 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\User\AppData\Local\Temp\is-P0IB1.tmp\itdownload.dll
FilesInDirectory: C:\Users\User\AppData\Local\*.exe;*.dll;*.ini
FilesInDirectory: C:\Users\User\AppData\Roaming\*.exe;*.dll;*.ini
CMD: dir /a "C:\Users\User\AppData\Roaming"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files"