--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 10-25-2023 04:03:29
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 10/25/2023 03:03:29.229802400 UTC (14968 ms since boot)
2023-10-25T03:03:29.222Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-10-25T03:03:29.222Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231025-040329-00000003-ffffffff.bin ...
2023-10-25T03:03:29.222Z [WPP] Trace session started - WdoWppTracing-20231025-040329-00000003-ffffffff.bin
2023-10-25T03:03:29.222Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-10-25T03:03:29.222Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-10-25T03:03:29.222Z Service is asked to be reenabled.
2023-10-25T03:03:29.222Z Task(-EnableService) launched
2023-10-25T03:03:29.238Z Loaded module#0 MpComServer.
2023-10-25T03:03:29.238Z Loading engine...
2023-10-25T03:03:29.347Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{0AB91187-3B2C-42E1-B9B3-2C5E1877F57B}
2023-10-25T03:03:29.425Z Verifying engine and signature files (source: 0) ...
2023-10-25T03:03:29.457Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{23A76346-6837-40BA-A060-328755D09ABB}\mpengine.dll]
2023-10-25T03:03:29.504Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{23A76346-6837-40BA-A060-328755D09ABB}\mpasbase.vdm]
2023-10-25T03:03:29.504Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{23A76346-6837-40BA-A060-328755D09ABB}\mpasdlta.vdm]
2023-10-25T03:03:29.535Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{23A76346-6837-40BA-A060-328755D09ABB}\mpavbase.vdm]
2023-10-25T03:03:29.550Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{23A76346-6837-40BA-A060-328755D09ABB}\mpavdlta.vdm]
Database:
2023-10-25T03:03:29.582Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-447839FF8EECAF9B2CE9047C231B19038405F4BD.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-10-25T03:03:32.393Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-25T03:03:32.409Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-10-25T03:03:32.409Z CSignatureStatus: back to good
2023-10-25T03:03:32.409Z [Engine] Loaded E:\Windows\Microsoft Antimalware\Definition Updates\{23A76346-6837-40BA-A060-328755D09ABB}
2023-10-25T03:03:32.409Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{0AB91187-3B2C-42E1-B9B3-2C5E1877F57B} ...
2023-10-25T03:03:32.409Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 10-25-2023 04:03:32
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23090.2007
AS Signature Version: 1.399.1263.0
AV Signature Version: 1.399.1263.0
************************************************************
2023-10-25T03:03:32.409Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{0AB91187-3B2C-42E1-B9B3-2C5E1877F57B}
2023-10-25T03:03:32.409Z Engine loaded!
2023-10-25T03:03:32.409Z Verifying license file...
2023-10-25T03:03:32.409Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-10-25T03:03:32.409Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23090.2007
AS Signature Version: 1.399.1263.0
AV Signature Version: 1.399.1263.0
************************************************************
2023-10-25T03:03:33.284Z MpManagerEnable: setting DisableAS to 0 ...
2023-10-25T03:03:33.284Z MpManagerEnable: setting DisableAV to 0 ...
2023-10-25T03:03:33.284Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98961FA8, sigsha=29727b199c33e2ba7beb863c494f3a822d8e7975, cached=false, source=0, resourceid=0x8a4b52bb
Engine:
2023-10-25T03:03:58.632Z Setting original file name "control.exe" for "\\?\e:\windows\syswow64\fontext.dll", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x00001080EAA4C0A6, sigsha=36c7477fec5d979569134bfb9a26f40eddef2d0d, cached=false, source=0, resourceid=0xfe1ba380
Engine:
2023-10-25T03:04:04.983Z Setting original file name "mavinject64.exe" for "\\?\e:\windows\syswow64\mavinject.exe", hr=0x0
Engine:
2023-10-25T03:04:09.120Z Setting original file name "mshta.exe" for "\\?\e:\windows\syswow64\mshtml.dll", hr=0x0
Engine:
2023-10-25T03:04:14.801Z Setting original file name "pcalua.exe" for "\\?\e:\windows\syswow64\pcacli.dll", hr=0x0
Engine:
2023-10-25T03:04:14.833Z Setting original file name "pcalua.exe" for "\\?\e:\windows\syswow64\pcaui.exe", hr=0x0
Engine:
2023-10-25T03:04:18.311Z Setting original file name "reg.exe" for "\\?\e:\windows\syswow64\reg.exe", hr=0x0
Engine:
2023-10-25T03:04:18.435Z Setting original file name "register-cimprovider2.exe" for "\\?\e:\windows\syswow64\register-cimprovider.exe", hr=0x0
Engine:
2023-10-25T03:04:19.287Z Setting original file name "rundll32.exe" for "\\?\e:\windows\syswow64\rundll32.exe", hr=0x0
Engine:
2023-10-25T03:04:19.568Z Setting original file name "schtasks.exe" for "\\?\e:\windows\syswow64\schtasks.exe", hr=0x0
2023-10-25T03:04:29.233Z Process scan (postsignatureupdatescan) started.
2023-10-25T03:04:29.358Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9BADD0C7, sigsha=c6503d7da3fb69d0e1e06a3664003856a0794239, cached=false, source=0, resourceid=0x3d68dece
Internal signature match:subtype=Lowfi, sigseq=0x0000157E95A3DDE2, sigsha=63d8897959ecd045bd7bf0881d6031e25b3c36e1, cached=false, source=0, resourceid=0x3d68dece
Engine:
2023-10-25T03:04:52.729Z Setting original file name "mavinject64.exe" for "\\?\e:\windows\system32\mavinject.exe", hr=0x0
Engine:
2023-10-25T03:05:01.286Z Setting original file name "pcalua.exe" for "\\?\e:\windows\system32\pcacli.dll", hr=0x0
Engine:
2023-10-25T03:05:01.302Z Setting original file name "pcalua.exe" for "\\?\e:\windows\system32\pcadm.dll", hr=0x0
Engine:
2023-10-25T03:05:04.426Z Setting original file name "reg.exe" for "\\?\e:\windows\system32\reg.exe", hr=0x0
Engine:
2023-10-25T03:05:04.481Z Setting original file name "register-cimprovider2.exe" for "\\?\e:\windows\system32\register-cimprovider.exe", hr=0x0
Engine:
2023-10-25T03:05:05.370Z Setting original file name "rundll32.exe" for "\\?\e:\windows\system32\rundll32.exe", hr=0x0
Engine:
2023-10-25T03:05:05.662Z Setting original file name "schtasks.exe" for "\\?\e:\windows\system32\schtasks.exe", hr=0x0
Engine:
2023-10-25T03:05:13.290Z Setting original file name "vssadmin.exe" for "\\?\e:\windows\system32\vssadmin.exe", hr=0x0
Engine:
2023-10-25T03:05:23.089Z Triggered AR EMS scan

Engine:
2023-10-25T03:05:23.089Z EMS scan for process: lsass pid: 776, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.167Z EMS scan for process: svchost pid: 892, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.198Z EMS scan for process: svchost pid: 1004, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.214Z EMS scan for process: svchost pid: 848, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.261Z EMS scan for process: svchost pid: 812, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.292Z EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.323Z EMS scan for process: svchost pid: 1172, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.355Z EMS scan for process: svchost pid: 1460, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.401Z EMS scan for process: svchost pid: 1556, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.417Z EMS scan for process: svchost pid: 1708, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:23.433Z EMS scan for process: svchost pid: 1772, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-25T03:05:47.929Z Setting original file name "powershell.exe" for "\\?\e:\windows\syswow64\windowspowershell\v1.0\powershell.exe", hr=0x0
Engine:
2023-10-25T03:05:47.976Z Setting original file name "powershell.exe" for "\\?\e:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0

2023-10-25T03:05:48.224Z Matched bloom filter (standard) (setting MpCloudToVDMBloomFilter) (\\?\E:\Program Files\CCleaner\CCleaner.exe)
Internal signature match:subtype=Lowfi, sigseq=0x000076E70B8B1DB7, sigsha=48a4d8750f5ef0236a2b2c22d15d73f311eb519c, cached=false, source=0, resourceid=0x0ac722ff
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-10-25T03:06:09.002Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-10-25T03:06:29.977Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-10-25T03:06:30.071Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 10-25-2023 04:06:30 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 10-29-2023 02:21:45
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 10/29/2023 01:21:45.426814800 UTC (15171 ms since boot)
2023-10-29T01:21:45.417Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-10-29T01:21:45.417Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231029-022145-00000003-ffffffff.bin ...
2023-10-29T01:21:45.417Z [WPP] Trace session started - WdoWppTracing-20231029-022145-00000003-ffffffff.bin
2023-10-29T01:21:45.417Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-10-29T01:21:45.417Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-10-29T01:21:45.417Z Service is asked to be reenabled.
2023-10-29T01:21:45.417Z Task(-EnableService) launched
2023-10-29T01:21:45.433Z Loaded module#0 MpComServer.
2023-10-29T01:21:45.433Z Loading engine...
2023-10-29T01:21:45.527Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{E0A627E4-6212-4663-901B-21704FCA0136}
2023-10-29T01:21:45.589Z Verifying engine and signature files (source: 0) ...
2023-10-29T01:21:45.621Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{0C2D78DC-D2EC-4118-8435-8B2004ABA6C8}\mpengine.dll]
2023-10-29T01:21:45.667Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{0C2D78DC-D2EC-4118-8435-8B2004ABA6C8}\mpasbase.vdm]
2023-10-29T01:21:45.667Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{0C2D78DC-D2EC-4118-8435-8B2004ABA6C8}\mpasdlta.vdm]
2023-10-29T01:21:45.699Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{0C2D78DC-D2EC-4118-8435-8B2004ABA6C8}\mpavbase.vdm]
2023-10-29T01:21:45.714Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{0C2D78DC-D2EC-4118-8435-8B2004ABA6C8}\mpavdlta.vdm]
Database:
2023-10-29T01:21:45.746Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-D89C5FD1E10C9E785C9D667FCF3E4397CB45293C.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-10-29T01:21:48.526Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-10-29T01:21:48.542Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-10-29T01:21:48.542Z CSignatureStatus: back to good
2023-10-29T01:21:48.542Z [Engine] Loaded E:\Windows\Microsoft Antimalware\Definition Updates\{0C2D78DC-D2EC-4118-8435-8B2004ABA6C8}
2023-10-29T01:21:48.542Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{23A76346-6837-40BA-A060-328755D09ABB} ...
2023-10-29T01:21:48.542Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{E0A627E4-6212-4663-901B-21704FCA0136} ...
2023-10-29T01:21:48.542Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 10-29-2023 02:21:48
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23090.2007
AS Signature Version: 1.399.1480.0
AV Signature Version: 1.399.1480.0
************************************************************
2023-10-29T01:21:48.542Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{E0A627E4-6212-4663-901B-21704FCA0136}
2023-10-29T01:21:48.557Z Engine loaded!
2023-10-29T01:21:48.557Z Verifying license file...
2023-10-29T01:21:48.557Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-10-29T01:21:48.557Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23090.2007
AS Signature Version: 1.399.1480.0
AV Signature Version: 1.399.1480.0
************************************************************
2023-10-29T01:21:49.479Z MpManagerEnable: setting DisableAS to 0 ...
2023-10-29T01:21:49.479Z MpManagerEnable: setting DisableAV to 0 ...
2023-10-29T01:21:49.479Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98961FA8, sigsha=29727b199c33e2ba7beb863c494f3a822d8e7975, cached=false, source=0, resourceid=0x8a4b52bb
2023-10-29T01:22:45.432Z Process scan (postsignatureupdatescan) started.
2023-10-29T01:22:45.542Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9BADD0C7, sigsha=c6503d7da3fb69d0e1e06a3664003856a0794239, cached=false, source=0, resourceid=0x3d68dece
Internal signature match:subtype=Lowfi, sigseq=0x0000157E95A3DDE2, sigsha=63d8897959ecd045bd7bf0881d6031e25b3c36e1, cached=false, source=0, resourceid=0x3d68dece
Engine:
2023-10-29T01:23:39.789Z Triggered AR EMS scan

Engine:
2023-10-29T01:23:39.789Z EMS scan for process: lsass pid: 772, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:39.851Z EMS scan for process: svchost pid: 892, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:39.883Z EMS scan for process: svchost pid: 996, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:39.898Z EMS scan for process: svchost pid: 840, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:39.961Z EMS scan for process: svchost pid: 804, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:39.976Z EMS scan for process: svchost pid: 1044, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:40.008Z EMS scan for process: svchost pid: 1172, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:40.054Z EMS scan for process: svchost pid: 1468, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:40.086Z EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:40.101Z EMS scan for process: svchost pid: 1716, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-10-29T01:23:40.133Z EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-10-29T01:24:25.618Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-10-29T01:24:46.085Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-10-29T01:24:46.163Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 10-29-2023 02:24:46 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 11-17-2023 11:34:12
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 11/17/2023 10:34:12.314869600 UTC (15062 ms since boot)
2023-11-17T10:34:12.300Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-11-17T10:34:12.300Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231117-113412-00000003-ffffffff.bin ...
2023-11-17T10:34:12.315Z [WPP] Trace session started - WdoWppTracing-20231117-113412-00000003-ffffffff.bin
2023-11-17T10:34:12.315Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-11-17T10:34:12.315Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-11-17T10:34:12.315Z Service is asked to be reenabled.
2023-11-17T10:34:12.315Z Task(-EnableService) launched
2023-11-17T10:34:12.331Z Loaded module#0 MpComServer.
2023-11-17T10:34:12.331Z Loading engine...
2023-11-17T10:34:12.409Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{227F1EA3-633E-4A4A-B99D-0E0B8537A0A8}
2023-11-17T10:34:12.487Z Verifying engine and signature files (source: 0) ...
2023-11-17T10:34:12.503Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{C685A9CC-4339-4C71-AAAF-B55E54969F84}\mpengine.dll]
2023-11-17T10:34:12.565Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{C685A9CC-4339-4C71-AAAF-B55E54969F84}\mpasbase.vdm]
2023-11-17T10:34:12.565Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{C685A9CC-4339-4C71-AAAF-B55E54969F84}\mpasdlta.vdm]
2023-11-17T10:34:12.596Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{C685A9CC-4339-4C71-AAAF-B55E54969F84}\mpavbase.vdm]
2023-11-17T10:34:12.596Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{C685A9CC-4339-4C71-AAAF-B55E54969F84}\mpavdlta.vdm]
Database:
2023-11-17T10:34:12.628Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-EBD7F712813CC82082B894105E1BFE3ED951649B.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-11-17T10:34:15.455Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-17T10:34:15.471Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-11-17T10:34:15.471Z CSignatureStatus: back to good
2023-11-17T10:34:15.471Z [Engine] Loaded E:\Windows\Microsoft Antimalware\Definition Updates\{C685A9CC-4339-4C71-AAAF-B55E54969F84}
2023-11-17T10:34:15.471Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{0C2D78DC-D2EC-4118-8435-8B2004ABA6C8} ...
2023-11-17T10:34:15.471Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{227F1EA3-633E-4A4A-B99D-0E0B8537A0A8} ...
2023-11-17T10:34:15.471Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 11-17-2023 11:34:15
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23100.2009
AS Signature Version: 1.401.743.0
AV Signature Version: 1.401.743.0
************************************************************
2023-11-17T10:34:15.471Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{227F1EA3-633E-4A4A-B99D-0E0B8537A0A8}
2023-11-17T10:34:15.471Z Engine loaded!
2023-11-17T10:34:15.471Z Verifying license file...
2023-11-17T10:34:15.471Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-11-17T10:34:15.471Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23100.2009
AS Signature Version: 1.401.743.0
AV Signature Version: 1.401.743.0
************************************************************
2023-11-17T10:34:16.361Z MpManagerEnable: setting DisableAS to 0 ...
2023-11-17T10:34:16.361Z MpManagerEnable: setting DisableAV to 0 ...
2023-11-17T10:34:16.361Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98961FA8, sigsha=29727b199c33e2ba7beb863c494f3a822d8e7975, cached=false, source=0, resourceid=0x8a4b52bb
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A2F4C65, sigsha=ae88665c30e26eb1154be07be0b5cafd16519aeb, cached=false, source=0, resourceid=0x4b4c5fe9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9F0A04E5, sigsha=2407722c6dfa0545aa406ec71099f76a189c8ed5, cached=false, source=0, resourceid=0x4b4c5fe9
Internal signature match:subtype=Lowfi, sigseq=0x000058E743C017A9, sigsha=5a7d7d9288c3318fcde92a684e9f4d68bd29bfc3, cached=false, source=0, resourceid=0xa52b0989
Internal signature match:subtype=Lowfi, sigseq=0x000068E759DB46B0, sigsha=200c7ab7e1ec62d04985a98280a0f782eaadb79c, cached=false, source=0, resourceid=0xa52b0989
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC66AE0, sigsha=f0a9119f63c3b8de08e9e2bee368ef2337f99eba, cached=false, source=0, resourceid=0xd3126654
2023-11-17T10:35:12.318Z Process scan (postsignatureupdatescan) started.
2023-11-17T10:35:12.432Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E238D9CCA, sigsha=d563b6725589fb9e27e1f451cc04e891a98623cf, cached=false, source=0, resourceid=0xe9912485
Engine:
2023-11-17T10:35:57.959Z Triggered AR EMS scan

Engine:
2023-11-17T10:35:57.959Z EMS scan for process: lsass pid: 776, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.022Z EMS scan for process: svchost pid: 896, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.069Z EMS scan for process: svchost pid: 1008, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.084Z EMS scan for process: svchost pid: 624, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.131Z EMS scan for process: svchost pid: 844, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.162Z EMS scan for process: svchost pid: 1032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.193Z EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.225Z EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.256Z EMS scan for process: svchost pid: 1548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.272Z EMS scan for process: svchost pid: 1696, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-17T10:35:58.303Z EMS scan for process: svchost pid: 1756, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-11-17T10:36:45.696Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-11-17T10:37:06.537Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-11-17T10:37:06.616Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 11-17-2023 11:37:06 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 11-20-2023 11:55:35
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 11/20/2023 10:55:35.366080700 UTC (15109 ms since boot)
2023-11-20T10:55:35.352Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-11-20T10:55:35.352Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231120-115535-00000003-ffffffff.bin ...
2023-11-20T10:55:35.352Z [WPP] Trace session started - WdoWppTracing-20231120-115535-00000003-ffffffff.bin
2023-11-20T10:55:35.352Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-11-20T10:55:35.352Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-11-20T10:55:35.368Z Service is asked to be reenabled.
2023-11-20T10:55:35.368Z Task(-EnableService) launched
2023-11-20T10:55:35.383Z Loaded module#0 MpComServer.
2023-11-20T10:55:35.383Z Loading engine...
2023-11-20T10:55:35.462Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{97E2004E-0E13-4876-B374-BD57B3785559}
2023-11-20T10:55:35.524Z Verifying engine and signature files (source: 0) ...
2023-11-20T10:55:35.555Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{85C863F8-CD54-464C-8FF7-A123AE08A677}\mpengine.dll]
2023-11-20T10:55:35.602Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{85C863F8-CD54-464C-8FF7-A123AE08A677}\mpasbase.vdm]
2023-11-20T10:55:35.602Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{85C863F8-CD54-464C-8FF7-A123AE08A677}\mpasdlta.vdm]
2023-11-20T10:55:35.634Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{85C863F8-CD54-464C-8FF7-A123AE08A677}\mpavbase.vdm]
2023-11-20T10:55:35.649Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{85C863F8-CD54-464C-8FF7-A123AE08A677}\mpavdlta.vdm]
Database:
2023-11-20T10:55:35.680Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-A7AB77627F875B8E6804AC006DE27AE276F1550E.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-11-20T10:55:38.477Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-20T10:55:38.492Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-11-20T10:55:38.492Z CSignatureStatus: back to good
2023-11-20T10:55:38.492Z [Engine] Loaded E:\Windows\Microsoft Antimalware\Definition Updates\{85C863F8-CD54-464C-8FF7-A123AE08A677}
2023-11-20T10:55:38.492Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{97E2004E-0E13-4876-B374-BD57B3785559} ...
2023-11-20T10:55:38.492Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{C685A9CC-4339-4C71-AAAF-B55E54969F84} ...
2023-11-20T10:55:38.492Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 11-20-2023 11:55:38
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23100.2009
AS Signature Version: 1.401.902.0
AV Signature Version: 1.401.902.0
************************************************************
2023-11-20T10:55:38.492Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{97E2004E-0E13-4876-B374-BD57B3785559}
2023-11-20T10:55:38.492Z Engine loaded!
2023-11-20T10:55:38.492Z Verifying license file...
2023-11-20T10:55:38.492Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-11-20T10:55:38.492Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23100.2009
AS Signature Version: 1.401.902.0
AV Signature Version: 1.401.902.0
************************************************************
2023-11-20T10:55:39.414Z MpManagerEnable: setting DisableAS to 0 ...
2023-11-20T10:55:39.414Z MpManagerEnable: setting DisableAV to 0 ...
2023-11-20T10:55:39.414Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98961FA8, sigsha=29727b199c33e2ba7beb863c494f3a822d8e7975, cached=false, source=0, resourceid=0x8a4b52bb
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A2F4C65, sigsha=ae88665c30e26eb1154be07be0b5cafd16519aeb, cached=false, source=0, resourceid=0x4b4c5fe9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9F0A04E5, sigsha=2407722c6dfa0545aa406ec71099f76a189c8ed5, cached=false, source=0, resourceid=0x4b4c5fe9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC66AE0, sigsha=f0a9119f63c3b8de08e9e2bee368ef2337f99eba, cached=false, source=0, resourceid=0xd3126654
2023-11-20T10:56:35.376Z Process scan (postsignatureupdatescan) started.
2023-11-20T10:56:35.486Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E238D9CCA, sigsha=d563b6725589fb9e27e1f451cc04e891a98623cf, cached=false, source=0, resourceid=0xe9912485
Engine:
2023-11-20T10:57:17.879Z Triggered AR EMS scan

Engine:
2023-11-20T10:57:17.879Z EMS scan for process: lsass pid: 776, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:17.957Z EMS scan for process: svchost pid: 892, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:17.988Z EMS scan for process: svchost pid: 1004, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.004Z EMS scan for process: svchost pid: 628, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.051Z EMS scan for process: svchost pid: 844, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.082Z EMS scan for process: svchost pid: 1036, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.113Z EMS scan for process: svchost pid: 1160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.145Z EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.176Z EMS scan for process: svchost pid: 1548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.207Z EMS scan for process: svchost pid: 1700, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-20T10:57:18.223Z EMS scan for process: svchost pid: 1764, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-11-20T10:58:05.239Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-11-20T10:58:25.938Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-11-20T10:58:26.017Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 11-20-2023 11:58:26 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 11-25-2023 01:30:47
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 11/25/2023 00:30:47.404582100 UTC (10156 ms since boot)
2023-11-25T00:30:47.403Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-11-25T00:30:47.403Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231125-013047-00000003-ffffffff.bin ...
2023-11-25T00:30:47.403Z [WPP] Trace session started - WdoWppTracing-20231125-013047-00000003-ffffffff.bin
2023-11-25T00:30:47.403Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-11-25T00:30:47.403Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-11-25T00:30:47.403Z Service is asked to be reenabled.
2023-11-25T00:30:47.403Z Task(-EnableService) launched
2023-11-25T00:30:47.419Z Loaded module#0 MpComServer.
2023-11-25T00:30:47.419Z Loading engine...
2023-11-25T00:30:47.419Z CSignatureStatus: changed to DUE_REPORTED
2023-11-25T00:30:47.419Z Engine loaded!
2023-11-25T00:30:47.419Z Verifying license file...
2023-11-25T00:30:47.419Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2023-11-25T00:30:49.419Z MpManagerEnable: setting DisableAS to 0 ...
2023-11-25T00:30:49.419Z MpManagerEnable: setting DisableAV to 0 ...
2023-11-25T00:31:23.457Z UpdateEngine start: Source: 1, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Tmp\E6F89584-AF9F-44CD-88B9-C84714BAF5C6
2023-11-25T00:31:23.566Z Verifying engine and signature files (source: 0) ...
2023-11-25T00:31:23.582Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{82EF83B3-FCB0-4A62-8AD9-239A86945B78}\mpengine.dll]
2023-11-25T00:31:23.629Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{82EF83B3-FCB0-4A62-8AD9-239A86945B78}\mpasbase.vdm]
2023-11-25T00:31:23.644Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{82EF83B3-FCB0-4A62-8AD9-239A86945B78}\mpasdlta.vdm]
2023-11-25T00:31:23.675Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{82EF83B3-FCB0-4A62-8AD9-239A86945B78}\mpavbase.vdm]
2023-11-25T00:31:23.675Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{82EF83B3-FCB0-4A62-8AD9-239A86945B78}\mpavdlta.vdm]
Database:
2023-11-25T00:31:23.707Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-11CF14F48D103C58D8C218161E20D870797F4B5C.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-11-25T00:31:26.565Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-11-25T00:31:26.565Z CSignatureStatus: back to good
2023-11-25T00:31:26.565Z [Engine] Loaded E:\Windows\Microsoft Antimalware\Definition Updates\{82EF83B3-FCB0-4A62-8AD9-239A86945B78}
2023-11-25T00:31:26.565Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{85C863F8-CD54-464C-8FF7-A123AE08A677} ...
2023-11-25T00:31:26.565Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated on 11-25-2023 01:31:26
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23100.2009
AS Signature Version: 1.401.1140.0
AV Signature Version: 1.401.1140.0
************************************************************
2023-11-25T00:31:26.565Z UpdateEngine finished with 0x0: Source: 1, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Tmp\E6F89584-AF9F-44CD-88B9-C84714BAF5C6
Signature updated via MMPC on 11-25-2023 01:31:26
************************************************************
2023-11-25T00:31:28.724Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF91EA436, sigsha=af3f4b786d3794385380fcf3c3d96919d8a46658, cached=false, source=0, resourceid=0x74ebd00e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9F0A04E5, sigsha=2407722c6dfa0545aa406ec71099f76a189c8ed5, cached=false, source=0, resourceid=0x4b4c5fe9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E29D5F2ED, sigsha=79a8a820d9c2cb08d3675e9f5e949b0c79d94397, cached=false, source=0, resourceid=0x7869ba8f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0883EF27, sigsha=bb7878611d9211506e3328b7beb9101a493da6d2, cached=false, source=0, resourceid=0x7869ba8f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E14A93A1D, sigsha=136fbab8d34168d8950829fe4f022ee21afbd1c8, cached=false, source=0, resourceid=0x7869ba8f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E83FC0B67, sigsha=14017ceb018d7eb7a310f97b27fadc59a3f6e4e7, cached=false, source=0, resourceid=0xfcd70e60
2023-11-25T00:31:47.403Z Process scan (postsignatureupdatescan) started.
2023-11-25T00:31:47.535Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E786518A0, sigsha=f20ef8dbd5555657b1c7409bab8b9de1a9a2b4dd, cached=false, source=0, resourceid=0x5cff7265
Internal signature match:subtype=Lowfi, sigseq=0x0000157E90573C0C, sigsha=b60c1ad184fbcba8c2a993fe3a6ef0097ac7e37e, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=false, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9FFF7E88, sigsha=f3ff9e037920266c82e8cd27d13af4bb9bf082d8, cached=false, source=0, resourceid=0x59ff5552
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E491C304B, sigsha=92df020002d1b5985981453b351af2c12ac04ea7, cached=false, source=0, resourceid=0x0adb907b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Engine:
2023-11-25T00:33:02.730Z Triggered AR EMS scan

Engine:
2023-11-25T00:33:02.730Z EMS scan for process: lsass pid: 784, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:02.808Z EMS scan for process: svchost pid: 904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:02.840Z EMS scan for process: svchost pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:02.855Z EMS scan for process: svchost pid: 632, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:02.918Z EMS scan for process: svchost pid: 948, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:02.933Z EMS scan for process: svchost pid: 1044, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:02.965Z EMS scan for process: svchost pid: 1168, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:03.011Z EMS scan for process: svchost pid: 1460, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:03.043Z EMS scan for process: svchost pid: 1556, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:03.074Z EMS scan for process: svchost pid: 1708, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:03.089Z EMS scan for process: svchost pid: 1776, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-25T00:33:03.105Z EMS scan for process: svchost pid: 1948, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE415B154, sigsha=cbe3df92b4810b023039b2dd9ce788ccbe7c795c, cached=false, source=0, resourceid=0x553c565b
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-11-25T00:33:48.553Z [Cloud] Engine is requesting config to do cloud query [regular network].
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA74A184A, sigsha=35fa37bc1fdffc8cf5ae985ed76974ae1e46b4ef, cached=false, source=0, resourceid=0xea502a63
2023-11-25T00:34:09.511Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-11-25T00:34:09.511Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-11-25T00:34:09.511Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-11-25T00:34:09.589Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 11-25-2023 01:34:09 (Exit Code = 0x0)
************************************************************
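Every session in this log has the same shape: a local-time "Started On" header, a "Current time ... UTC" line, one or more version blocks, the list of ASR vdm rules the engine loaded, the post-update process scan, the EMS memory scans (lsass first, then the svchost instances), a cloud-config request, and a "Stopped On" footer. The session that just ended is the one worth attention: the service came up with Engine Version 0.0.0.0 and CSignatureStatus DUE_REPORTED, and only obtained an engine and signatures from the MMPC download 36 seconds later, while every session records a missing offline scan cache and "Controlled folder access" loading with State=0. The following Python is an added example, not part of this log and not Microsoft's tooling; it parses these line types and lists what a responder should check. The sample input is cut from the 11-25-2023 session above, the function names are this example's own, and reading State=0 as "rule not active" is an assumption, since Microsoft does not document the State/Action fields.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: the 11-25-2023 session of the MpCmdRun service log above, cut down
# to the line types this parser understands (header, version blocks, ASR rules, EMS scans).
SAMPLE_LOG = r"""
Started On 11-25-2023 01:30:47
Current time: 11/25/2023 00:30:47.404582100 UTC (10156 ms since boot)
Engine Version: 0.0.0.0
AV Signature Version: 0.0.0.0
2023-11-25T00:31:23.707Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-11CF14F48D103C58D8C218161E20D870797F4B5C.bin): 0x00000002IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-25T00:31:26.565Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Signature updated on 11-25-2023 01:31:26
Engine Version: 1.1.23100.2009
AV Signature Version: 1.401.1140.0
Signature updated via MMPC on 11-25-2023 01:31:26
2023-11-25T00:33:02.730Z EMS scan for process: lsass pid: 784, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2023-11-25T00:33:48.553Z [Cloud] Engine is requesting config to do cloud query [regular network].
Stopped On 11-25-2023 01:34:09 (Exit Code = 0x0)
"""

STARTED = re.compile(r"^Started On (\d\d-\d\d-\d{4} \d\d:\d\d:\d\d)$")
STOPPED = re.compile(r"^Stopped On (\d\d-\d\d-\d{4} \d\d:\d\d:\d\d) \(Exit Code = (0x[0-9A-Fa-f]+)\)$")
UTC_NOW = re.compile(r"^Current time: (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\.\d+ UTC")
VERSION = re.compile(r"^(Product|Service|Engine|AS Signature|AV Signature) Version: (\S+)$")
UPDATED = re.compile(r"^Signature updated (?:via (\S+) )?on ")
NOCACHE = re.compile(r"Can't find offline cache cache \(([^)]+)\)")
ASRRULE = re.compile(r'Loaded ASR vdm rule "([^"]+)", State=(\d+), Action=(\d+)')
EMSSCAN = re.compile(r"EMS scan for process: (\S+) pid: (\d+)")


@dataclass
class Session:
    started_local: datetime
    stopped_local: Optional[datetime] = None
    exit_code: Optional[str] = None
    utc_offset_hours: Optional[float] = None      # local header time minus the UTC line
    engine_at_startup: Optional[str] = None       # first "Engine Version" seen in the session
    versions: Dict[str, str] = field(default_factory=dict)  # last value wins
    update_sources: List[str] = field(default_factory=list)
    missing_cache: List[str] = field(default_factory=list)
    asr_rules: Dict[str, Tuple[int, int]] = field(default_factory=dict)  # name -> (State, Action)
    ems_processes: List[Tuple[str, int]] = field(default_factory=list)   # (image, pid)
    cloud_queries: int = 0


def parse_sessions(text: str) -> List[Session]:
    """Split the log at 'Started On' headers and pull the triage-relevant fields out of each session."""
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := STARTED.match(line)):
            cur = Session(started_local=datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S"))
            sessions.append(cur)
        elif cur is None or not line:
            continue
        elif (m := UTC_NOW.match(line)):
            # Header lines are local time, Z-suffixed lines are UTC; the difference is the host's offset.
            utc = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            cur.utc_offset_hours = round((cur.started_local - utc).total_seconds() / 60) / 60
        elif (m := VERSION.match(line)):
            if m.group(1) == "Engine" and cur.engine_at_startup is None:
                cur.engine_at_startup = m.group(2)
            cur.versions[m.group(1)] = m.group(2)
        elif (m := UPDATED.match(line)):
            cur.update_sources.append(m.group(1) or "unspecified")
        elif (m := NOCACHE.search(line)):
            cur.missing_cache.append(m.group(1))
        elif (m := ASRRULE.search(line)):
            cur.asr_rules[m.group(1)] = (int(m.group(2)), int(m.group(3)))
        elif (m := EMSSCAN.search(line)):
            cur.ems_processes.append((m.group(1), int(m.group(2))))
        elif "[Cloud] Engine is requesting config to do cloud query" in line:
            cur.cloud_queries += 1
        elif (m := STOPPED.match(line)):
            cur.stopped_local = datetime.strptime(m.group(1), "%m-%d-%Y %H:%M:%S")
            cur.exit_code = m.group(2)
    return sessions


def triage(s: Session) -> List[str]:
    """Points a responder should check in one session. Treating State=0 as 'not active' is an assumption."""
    findings: List[str] = []
    if s.engine_at_startup == "0.0.0.0":
        findings.append("no engine/signatures at service start; protection began only after the in-session update")
    for path in s.missing_cache:
        findings.append(f"offline scan cache missing: {path}")
    for name, (state, _action) in s.asr_rules.items():
        if state == 0:
            findings.append(f'ASR rule loaded with State=0: "{name}"')
    if not any(image == "lsass" for image, _pid in s.ems_processes):
        findings.append("no EMS memory scan of lsass recorded")
    if s.exit_code != "0x0":
        findings.append(f"no clean stop recorded (Exit Code = {s.exit_code})")
    return findings
```

To run it over a real MpCmdRun log rather than the embedded excerpt, read the file with encoding="utf-16" (these logs are written as UTF-16 LE) and pass the text to parse_sessions; the per-session utc_offset_hours also tells you which clock to use when lining the log up against other evidence on the host, since the "Started On" / "Stopped On" headers are local time while every Z-suffixed line is UTC.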
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 11-28-2023 03:03:43
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 11/28/2023 02:03:43.471282900 UTC (9218 ms since boot)
2023-11-28T02:03:43.469Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-11-28T02:03:43.469Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231128-030343-00000003-ffffffff.bin ...
2023-11-28T02:03:43.469Z [WPP] Trace session started - WdoWppTracing-20231128-030343-00000003-ffffffff.bin
2023-11-28T02:03:43.469Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-11-28T02:03:43.469Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-11-28T02:03:43.469Z Service is asked to be reenabled.
2023-11-28T02:03:43.469Z Task(-EnableService) launched
2023-11-28T02:03:43.484Z Loaded module#0 MpComServer.
2023-11-28T02:03:43.484Z Loading engine...
2023-11-28T02:03:43.578Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{593C08E4-BC84-4A97-87DF-54D5D73A183C}
2023-11-28T02:03:43.641Z Verifying engine and signature files (source: 0) ...
2023-11-28T02:03:43.656Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{4E3450E1-76F4-45F8-93C1-301291411E3C}\mpengine.dll]
2023-11-28T02:03:43.719Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{4E3450E1-76F4-45F8-93C1-301291411E3C}\mpasbase.vdm]
2023-11-28T02:03:43.719Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{4E3450E1-76F4-45F8-93C1-301291411E3C}\mpasdlta.vdm]
2023-11-28T02:03:43.750Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{4E3450E1-76F4-45F8-93C1-301291411E3C}\mpavbase.vdm]
2023-11-28T02:03:43.750Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{4E3450E1-76F4-45F8-93C1-301291411E3C}\mpavdlta.vdm]
Database:
2023-11-28T02:03:43.781Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-6FD58B9927DDB0635107132CCC75BEBA470C3AEF.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-11-28T02:03:46.656Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-11-28T02:03:46.671Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-11-28T02:03:46.671Z CSignatureStatus: back to good
2023-11-28T02:03:46.671Z [Engine] Loaded E:\Windows\Microsoft Antimalware\Definition Updates\{4E3450E1-76F4-45F8-93C1-301291411E3C}
2023-11-28T02:03:46.671Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{593C08E4-BC84-4A97-87DF-54D5D73A183C} ...
2023-11-28T02:03:46.671Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{82EF83B3-FCB0-4A62-8AD9-239A86945B78} ...
2023-11-28T02:03:46.671Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 11-28-2023 03:03:46
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23100.2009
AS Signature Version: 1.401.1316.0
AV Signature Version: 1.401.1316.0
************************************************************
2023-11-28T02:03:46.671Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{593C08E4-BC84-4A97-87DF-54D5D73A183C}
2023-11-28T02:03:46.671Z Engine loaded!
2023-11-28T02:03:46.671Z Verifying license file...
2023-11-28T02:03:46.687Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-11-28T02:03:46.687Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23100.2009
AS Signature Version: 1.401.1316.0
AV Signature Version: 1.401.1316.0
************************************************************
2023-11-28T02:03:47.515Z MpManagerEnable: setting DisableAS to 0 ...
2023-11-28T02:03:47.515Z MpManagerEnable: setting DisableAV to 0 ...
2023-11-28T02:03:47.515Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF91EA436, sigsha=af3f4b786d3794385380fcf3c3d96919d8a46658, cached=false, source=0, resourceid=0x74ebd00e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9F0A04E5, sigsha=2407722c6dfa0545aa406ec71099f76a189c8ed5, cached=false, source=0, resourceid=0x4b4c5fe9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x000058E743C017A9, sigsha=5a7d7d9288c3318fcde92a684e9f4d68bd29bfc3, cached=false, source=0, resourceid=0xa52b0989
Internal signature match:subtype=Lowfi, sigseq=0x000068E759DB46B0, sigsha=200c7ab7e1ec62d04985a98280a0f782eaadb79c, cached=false, source=0, resourceid=0xa52b0989
Internal signature match:subtype=Lowfi, sigseq=0x0000157E29D5F2ED, sigsha=79a8a820d9c2cb08d3675e9f5e949b0c79d94397, cached=false, source=0, resourceid=0x7869ba8f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0883EF27, sigsha=bb7878611d9211506e3328b7beb9101a493da6d2, cached=false, source=0, resourceid=0x7869ba8f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E14A93A1D, sigsha=136fbab8d34168d8950829fe4f022ee21afbd1c8, cached=false, source=0, resourceid=0x7869ba8f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E83FC0B67, sigsha=14017ceb018d7eb7a310f97b27fadc59a3f6e4e7, cached=false, source=0, resourceid=0xfcd70e60
Internal signature match:subtype=Lowfi, sigseq=0x0000157E786518A0, sigsha=f20ef8dbd5555657b1c7409bab8b9de1a9a2b4dd, cached=false, source=0, resourceid=0x5cff7265
Internal signature match:subtype=Lowfi, sigseq=0x0000157E90573C0C, sigsha=b60c1ad184fbcba8c2a993fe3a6ef0097ac7e37e, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=false, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9FFF7E88, sigsha=f3ff9e037920266c82e8cd27d13af4bb9bf082d8, cached=false, source=0, resourceid=0x59ff5552
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
2023-11-28T02:04:43.471Z Process scan (postsignatureupdatescan) started.
2023-11-28T02:04:43.586Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x00003BE707670DCD, sigsha=4c76205b80168d7ea31aae30628a584b89778f48, cached=false, source=0, resourceid=0xe01a3e64
Internal signature match:subtype=Lowfi, sigseq=0x0000157E491C304B, sigsha=92df020002d1b5985981453b351af2c12ac04ea7, cached=false, source=0, resourceid=0x0adb907b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Engine:
2023-11-28T02:05:26.409Z Triggered AR EMS scan

Engine:
2023-11-28T02:05:26.409Z EMS scan for process: lsass pid: 772, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.472Z EMS scan for process: svchost pid: 892, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.518Z EMS scan for process: svchost pid: 1008, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.534Z EMS scan for process: svchost pid: 620, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.581Z EMS scan for process: svchost pid: 880, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.612Z EMS scan for process: svchost pid: 1036, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.643Z EMS scan for process: svchost pid: 1160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.675Z EMS scan for process: svchost pid: 1456, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.706Z EMS scan for process: svchost pid: 1552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.722Z EMS scan for process: svchost pid: 1704, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-11-28T02:05:26.753Z EMS scan for process: svchost pid: 1768, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE415B154, sigsha=cbe3df92b4810b023039b2dd9ce788ccbe7c795c, cached=false, source=0, resourceid=0x553c565b
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-11-28T02:06:11.464Z [Cloud] Engine is requesting config to do cloud query [regular network].
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA74A184A, sigsha=35fa37bc1fdffc8cf5ae985ed76974ae1e46b4ef, cached=false, source=0, resourceid=0xea502a63
2023-11-28T02:06:32.265Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-11-28T02:06:32.265Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-11-28T02:06:32.265Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-11-28T02:06:32.266Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-11-28T02:06:32.344Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 11-28-2023 03:06:32 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-07-2023 14:06:34
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/07/2023 13:06:34.769351200 UTC (9515 ms since boot)
2023-12-07T13:06:34.762Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-12-07T13:06:34.762Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231207-140634-00000003-ffffffff.bin ...
2023-12-07T13:06:34.762Z [WPP] Trace session started - WdoWppTracing-20231207-140634-00000003-ffffffff.bin
2023-12-07T13:06:34.762Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-12-07T13:06:34.762Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-12-07T13:06:34.762Z Service is asked to be reenabled.
2023-12-07T13:06:34.762Z Task(-EnableService) launched
2023-12-07T13:06:34.777Z Loaded module#0 MpComServer.
2023-12-07T13:06:34.777Z Loading engine...
2023-12-07T13:06:34.871Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{7A41BE69-F2B0-4E47-87B5-3FA8B648CA02}
2023-12-07T13:06:34.949Z Verifying engine and signature files (source: 0) ...
2023-12-07T13:06:34.965Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{7EFA5ECE-AE11-45C3-9174-F1E142212188}\mpengine.dll]
2023-12-07T13:06:35.027Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{7EFA5ECE-AE11-45C3-9174-F1E142212188}\mpasbase.vdm]
2023-12-07T13:06:35.027Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{7EFA5ECE-AE11-45C3-9174-F1E142212188}\mpasdlta.vdm]
2023-12-07T13:06:35.059Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{7EFA5ECE-AE11-45C3-9174-F1E142212188}\mpavbase.vdm]
2023-12-07T13:06:35.059Z Verified [E:\Windows\Microsoft Antimalware\Definition Updates\{7EFA5ECE-AE11-45C3-9174-F1E142212188}\mpavdlta.vdm]
Database:
2023-12-07T13:06:35.090Z Can't find offline cache cache (E:\Windows\Microsoft Antimalware\Scans\mpcache-BB3B79ABE63F3A4DE53C42F7B97C175477A8F865.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-12-07T13:06:38.011Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-07T13:06:38.011Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-12-07T13:06:38.027Z CSignatureStatus: back to good
2023-12-07T13:06:38.027Z [Engine] Loaded E:\Windows\Microsoft Antimalware\Definition Updates\{7EFA5ECE-AE11-45C3-9174-F1E142212188}
2023-12-07T13:06:38.027Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{4E3450E1-76F4-45F8-93C1-301291411E3C} ...
2023-12-07T13:06:38.027Z [Engine] Removing E:\Windows\Microsoft Antimalware\Definition Updates\{7A41BE69-F2B0-4E47-87B5-3FA8B648CA02} ...
2023-12-07T13:06:38.027Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 12-07-2023 14:06:38
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.87.0
AV Signature Version: 1.403.87.0
************************************************************
2023-12-07T13:06:38.027Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\Windows\Microsoft Antimalware\Definition Updates\{7A41BE69-F2B0-4E47-87B5-3FA8B648CA02}
2023-12-07T13:06:38.027Z Engine loaded!
2023-12-07T13:06:38.027Z Verifying license file...
2023-12-07T13:06:38.027Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-12-07T13:06:38.027Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.87.0
AV Signature Version: 1.403.87.0
************************************************************
2023-12-07T13:06:38.823Z MpManagerEnable: setting DisableAS to 0 ...
2023-12-07T13:06:38.823Z MpManagerEnable: setting DisableAV to 0 ...
2023-12-07T13:06:38.823Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72E0FC5F, sigsha=c8ac6bd921e3aaff934d47f169f8fa933c7cd938, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA98ED284, sigsha=198c64dc1fe65d96700b19dab54b073ae7c2e8d8, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E81EA8724, sigsha=53fc5536af205e3504aa3a84b11a6c2bfcd971a6, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000108038338C70, sigsha=5a0eb526c0a7e4bea625b6d4bde9a287b2be8881, cached=false, source=0, resourceid=0x4eff4ae0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA6C06546, sigsha=a30d80a9e4f59161d90a1195a1c4779a14621233, cached=false, source=0, resourceid=0x5fe76fe7
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED876E587, sigsha=d261a17157894a3c05a4ec6f9d0e644a795c0f9a, cached=false, source=0, resourceid=0xf828a74c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6BC00978, sigsha=89d3c3102ed1b1e511b94ab8ea417676f7683ae1, cached=false, source=0, resourceid=0x348edc88
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6BC00978, sigsha=89d3c3102ed1b1e511b94ab8ea417676f7683ae1, cached=false, source=0, resourceid=0xdfb15e78
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF3D6D82, sigsha=b7fea1877430e0f1535794b2e6ac9171ed72103e, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6CF31ED7, sigsha=16c9ffa2cc2cd082e9533ca744bfde0ae3862163, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E786518A0, sigsha=f20ef8dbd5555657b1c7409bab8b9de1a9a2b4dd, cached=false, source=0, resourceid=0x5cff7265
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB7FF42F2, sigsha=8f5081c11864e971bdb38cd876b380c99f3dc131, cached=false, source=0, resourceid=0x5cff7265
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1B014D62, sigsha=c1cf7845ca3c111390d1bfcbf205cf3b265203ee, cached=false, source=0, resourceid=0x5cff7265
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA80D2120, sigsha=b325ffa4c13b81bc63c0ea8d8b5653f8a184d350, cached=false, source=0, resourceid=0x01fe7779
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC3B36C98, sigsha=978f333ac4c8da50a64b989d3dce52a5556ea233, cached=false, source=0, resourceid=0xeea5e8c2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E90573C0C, sigsha=b60c1ad184fbcba8c2a993fe3a6ef0097ac7e37e, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECC841817, sigsha=e0711b33d07f7208d418b8403c3a38072fc987ff, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E42057F1F, sigsha=5d27ebdaaf11c6a160a56c2c74b09fc2f7d21533, cached=false, source=0, resourceid=0x2c29a686
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=false, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9FFF7E88, sigsha=f3ff9e037920266c82e8cd27d13af4bb9bf082d8, cached=false, source=0, resourceid=0x59ff5552
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB57753C6, sigsha=17a3663ab1f1a6646eeb54cd914c4f64477f52e4, cached=false, source=0, resourceid=0x03b5a549
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3D28AAC, sigsha=f710c89645f9cae691af57ceaa35f736887e7564, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4A7BB2E7, sigsha=e9933cb6c6f750caa0cffffb9311f3c07c4b9c56, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000055543D5839C, sigsha=acf86560bd9a1f7114b23fc30df95ef5545c0f94, cached=false, source=0, resourceid=0x1226cea7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE70F6EDF, sigsha=9bb47b7f7f92e8a054071075078091aecc68d0e3, cached=false, source=0, resourceid=0xb60a192f
Internal signature match:subtype=Lowfi, sigseq=0x000005556D2204AA, sigsha=017069df02e1a59877c9ed0002348ab264d4fe60, cached=false, source=0, resourceid=0xa2a709fd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20421608, sigsha=c402371b93c77319b00a893c4200b9e7ae8f3444, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDFEF7E70, sigsha=5ad8017a6b808c24f628c1d194da3663e0e6ac1b, cached=false, source=0, resourceid=0x5cfbb764
Internal signature match:subtype=Lowfi, sigseq=0x0000157E48686C53, sigsha=41d134694a1b12760df0e9070f34df523475a7ef, cached=false, source=0, resourceid=0x5cfbb764
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE360FF2, sigsha=e65bc491bb0bc0ed271fcd72e0bb399aa91d6939, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05446831, sigsha=5bb8aa155a43deb5285ae3efeaf65bc6003bffad, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E07C92DEB, sigsha=bc21176c0efe7ea48c495e45b8ae31bd830288ba, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E427B233D, sigsha=fa9395f72f9396a9eac73af531879ffd81653ce1, cached=false, source=0, resourceid=0x786bd6f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE2DAFFDE, sigsha=795ab76c6f26b99ca01999b735330d6ac381946d, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E081657CF, sigsha=2bee3862ce601f666f825e70ac66eb7f3af29b59, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E52DDCDEA, sigsha=3b93f1803b49ef19e78cdb5b0eb394ac1d5f5f58, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECED57273, sigsha=f96f441e2b6c6c3a6f5452714e2e8120c9f5e1a5, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4CB91A4D, sigsha=d7fd7bd446683d7e47590b9c811ab46b0493ee04, cached=false, source=0, resourceid=0x3bc48288
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7C05CE6, sigsha=8633861b30ffa01d5c0143c88b07d2786f5f8e02, cached=false, source=0, resourceid=0x48e8e4d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A1F1565, sigsha=b1d4bfa0e3fca8ab799702a7c40c2bd5bce78559, cached=false, source=0, resourceid=0x9723640c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBCA134AE, sigsha=4ef97bb95078f1ebdfe7fa58e34d444ba9eb226c, cached=false, source=0, resourceid=0xb4124f31
Internal signature match:subtype=Lowfi, sigseq=0x00000555DE9B4C76, sigsha=e713eabb1d2e60c664fdc9a5bf4137f6dba307dd, cached=false, source=0, resourceid=0x14f738c1
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED252391F, sigsha=cf54332356751ee0ef4d758d1d3633544e7d38e6, cached=false, source=0, resourceid=0x9cc6f55f
2023-12-07T13:07:34.770Z Process scan (postsignatureupdatescan) started.
2023-12-07T13:07:34.895Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x000005559942CCDB, sigsha=43c1ef7a236de23235066b1fb737880292839542, cached=false, source=0, resourceid=0x948b6478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7613972F, sigsha=29107c2cd590d8fcbdcff703d82e67caaf58392a, cached=false, source=0, resourceid=0xd3cbf888
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0CE8C54C, sigsha=9da2eda987d787aba801d34e17068fc19ff865e8, cached=false, source=0, resourceid=0x06313dde
Internal signature match:subtype=Lowfi, sigseq=0x0000157E80A87E5F, sigsha=1e183491c8b128db444b9b47751758ecdd88ad59, cached=false, source=0, resourceid=0xf6522ae7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E504F53C6, sigsha=fc3ec0b9c5af2c3a1b4629f5f65aaa82ea4801e1, cached=false, source=0, resourceid=0x2bd6c79e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDABF194F, sigsha=b3c336859cce0cf791e10a0024372cb1d1ec36eb, cached=false, source=0, resourceid=0x01d48c94
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E6D36B0, sigsha=05ab065ef233a5959941b7d1fd5a931b256dea2c, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B6B53F9, sigsha=c39a90ed2e8c36037ac27e13e43d00d7831ddf18, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157EED97B59B, sigsha=f98bb8b2042f4c308aadb6a020bb05f6ed6c7ba4, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDD91E00, sigsha=462f50f79e320d0b4a41514db5ee9db0575032f9, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB66F9C5A, sigsha=e520dcc80f04af8a1ef85a9cee017f019f07eed0, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45FA8CCF, sigsha=6b1ec3b2277b9425f1bc05d5e47226e474f44a37, cached=false, source=0, resourceid=0x851bd22e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFFD01EE2, sigsha=eb9bac5b900f344b6fbb364e75063bbcda662881, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3BC59A75, sigsha=d77e7a09dbd2352dfe79a01da5e9444706523a3c, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E95EB6C11, sigsha=0025d7ed432e84a93695cb044ab0591c32888ebc, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E77C87D63, sigsha=0804f357827c8ef4f53ed4b1857ef52172ea7424, cached=false, source=0, resourceid=0x4fcfa563
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=false, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E300CD560, sigsha=52f626168fb9d4518762da5a8f42fe69393434ef, cached=false, source=0, resourceid=0xe95114cd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E36E6F30E, sigsha=c965363c18a6183f679bbf60b62d4ee15f2b8eb1, cached=false, source=0, resourceid=0xe8010bd2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=false, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0C4E9B58, sigsha=de997c447f616102b87a98851e54cd5b71b85c2d, cached=false, source=0, resourceid=0xe9912485
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5D2F6A95, sigsha=910133677e2ab51b23e25c70e5fe66fb14b56315, cached=false, source=0, resourceid=0x802168eb
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8AAF5155, sigsha=806cf9965dc83ca5454135947e9392c6c7228a10, cached=false, source=0, resourceid=0x802168eb
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED7A2B5C6, sigsha=cb44b508fa5918cb908c161a2d83d0ce006445ec, cached=false, source=0, resourceid=0xe95d689d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9607E046, sigsha=ac2c83b4e1fc9c2d3fbdf0a25159e9339baa5820, cached=false, source=0, resourceid=0x9680057e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBF0C7B71, sigsha=23a9b9cd3cd596d6987b9083acb607f26b0ca07f, cached=false, source=0, resourceid=0x93f8b95f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBABF6B6B, sigsha=5e7cafc29da9e7cf4fb47d0f48bd324fe6572af7, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B79221F, sigsha=a0bfe47c8c35f3ce2923ff89e84270f8d5d2997f, cached=false, source=0, resourceid=0xe5c1199a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE324C7C6, sigsha=845c70a26c55db8c1a85d40d24cfb71689cd711e, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9C8408BD, sigsha=a9006c9616a535e97705ab9acfcaccfa2a68d9d4, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C3914CB, sigsha=0e9345700b4997be1c09d6802235906f8eed8af1, cached=false, source=0, resourceid=0x3fb959c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E50F5E787, sigsha=c72a2dabd50d2900062cdd3a989635f154b2be43, cached=false, source=0, resourceid=0xb216bf8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157EAE9CE044, sigsha=bfc112bd0e84e690ead01ee09b2bcfa732921457, cached=false, source=0, resourceid=0x89700454
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFCCCD8A7, sigsha=74185c1de959c36645875df64d2571a4dee76c28, cached=false, source=0, resourceid=0xb12c8029
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE14DBAC1, sigsha=f3fdf442f77c04493938d10184f2c369cfc14e03, cached=false, source=0, resourceid=0xb87824e7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72DFF324, sigsha=d0414e2ede0e718a47b4ec630b68f3046408692d, cached=false, source=0, resourceid=0x989eddd1
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFECFC92A, sigsha=7b453cffbb5340840a553c82ce1da962a9d89dd8, cached=false, source=0, resourceid=0x4fe75798
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE00DBBD4, sigsha=a33dd9ee184d03d759c4834b5d80f45af51899c4, cached=false, source=0, resourceid=0xeabb8ef3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E491C304B, sigsha=92df020002d1b5985981453b351af2c12ac04ea7, cached=false, source=0, resourceid=0x0adb907b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA6A629FE, sigsha=9ea7bc16d137466f1f8ac86dfe068180c87c46b6, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5AC8BA51, sigsha=22e8ba2ed3bead4a57f4ce7aa821216910655a85, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA93D3A5, sigsha=73dc700b8ce266eedfd9a6a2f1c2bfaa5bd059e2, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E015C5829, sigsha=40fc7a092e9428695e2707762c328f8324160f20, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECA404F30, sigsha=786e2618d76255efb340cc469e50f5b9f12f2c1c, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E33A2CE, sigsha=e88f10ef8748567e241abf7644608c2548f6046e, cached=false, source=0, resourceid=0x9bd94ac8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A92A82D, sigsha=7925237a1fd78f9f1d43da1d7dbf43d85c0cce07, cached=false, source=0, resourceid=0xeecc439b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E27A471C3, sigsha=c699368d1c7dab5e0640adffde320483a20661dc, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED757ABE0, sigsha=52eacf11e585c636264287f53d8eca865fa79583, cached=false, source=0, resourceid=0xb5226e2e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A9C8C91, sigsha=1015a23cb0334428e4bf76c083c4f80420a97aca, cached=false, source=0, resourceid=0x43ccb6bd
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED038E656, sigsha=f7746402adc98d9d2796028e66ad7171d4c07247, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC182D033, sigsha=76e6db047ad873bec8039d1173624da52ffbadd0, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E73E353E2, sigsha=03719bcf6a17011a0c242d7932894002fbeb92bd, cached=false, source=0, resourceid=0xf4b5697b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E73B7D593, sigsha=a6c8dc0d0abb381f681a5c8a31a09a199f4ce801, cached=false, source=0, resourceid=0xd9161b42
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB29CACD, sigsha=232cce57ecae32ecd4cb0d0e4e05687591c81361, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7DFED8CD, sigsha=f52adaafc077f9f0ceeab8a536f77ca1c3398ee7, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDE346197, sigsha=d5649e6a14b2ef3de6c230a584c08ba5a2086cc4, cached=false, source=0, resourceid=0xceda1946
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3F9C6C1B, sigsha=0960c32c5aae0b12518fdb19ea38283309027f2d, cached=false, source=0, resourceid=0xf10cce72
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED1D33DD4, sigsha=5f32b0f06e3d9c53d943db4bf1013c5cbad6da11, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED2407775, sigsha=1059a037a6144f3c5c469167fcc2caae6d3c8f79, cached=false, source=0, resourceid=0x09b96c35
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9800D9B3, sigsha=af9728f053ed27553dc338688b9af1dbe38ed72f, cached=false, source=0, resourceid=0x8511695e
Internal signature match:subtype=Lowfi, sigseq=0x000005553BC4EF32, sigsha=0401730fab8037328ab58c3806d789c718149a11, cached=false, source=0, resourceid=0xce76ae0a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E58D3D69C, sigsha=7653306ed7e4bb4cbd24f4c56ed07ee9fc494284, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA189C8EE, sigsha=7dabf9fd7280d6fa9b5c914bfb840b9106d75587, cached=false, source=0, resourceid=0xbb0bd4e4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE6997222, sigsha=4d13bb30cafc6c8fd4a31fc15b3f3b7ddec16ef0, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94A3B2C3, sigsha=2f666ca6c2f42d78e59f25290c12e3969b432b9d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFDFD540, sigsha=96e096d9d0454966c2c0f5015bd64b36d6d2c565, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7AD4B722, sigsha=91124c3793d9810eb8ecedf8cadf2a46cb634c5d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9D492BAF, sigsha=e90ce058789f2b06cf005d56de0b26f57f1c3736, cached=false, source=0, resourceid=0x67452d98
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=false, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373214B2, sigsha=5ad6bdbbab670a35043649daf11c94f93de515ce, cached=false, source=0, resourceid=0x9525267d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E303AD357, sigsha=aa0a589c24b16ecfb3e60b70feb93b386025b722, cached=false, source=0, resourceid=0x9525267d
Engine:
2023-12-07T13:08:19.845Z Triggered AR EMS scan

Engine:
2023-12-07T13:08:19.845Z EMS scan for process: lsass pid: 780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:19.923Z EMS scan for process: svchost pid: 900, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:19.954Z EMS scan for process: svchost pid: 1004, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:19.970Z EMS scan for process: svchost pid: 628, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:20.017Z EMS scan for process: svchost pid: 888, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:20.048Z EMS scan for process: svchost pid: 1036, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:20.079Z EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:20.110Z EMS scan for process: svchost pid: 1456, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:20.157Z EMS scan for process: svchost pid: 1552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:20.173Z EMS scan for process: svchost pid: 1696, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-07T13:08:20.189Z EMS scan for process: svchost pid: 1760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E968F7374, sigsha=4b0cf9e5f86f5f617ba1ec4edaed60936edc4d9b, cached=true, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=true, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC55E2510, sigsha=98a0147a1ed65fda955ee8ad7b8c0d60eddb567f, cached=false, source=0, resourceid=0x1c0111d2
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=true, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E29321F31, sigsha=de05299a8225039f0d76a86aa1e0d48ff56267c7, cached=false, source=0, resourceid=0x22f6514e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E655CA499, sigsha=8f3dd56c848c09b209a4fe4be36b8fea6c89451c, cached=false, source=0, resourceid=0xfff9e2f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9A982FFA, sigsha=8ef513691f22e9a90a28af80398efc6661813094, cached=false, source=0, resourceid=0xfff9e2f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E619A8630, sigsha=cb18fa8ff9f2354980f26679d725d57b0f537fe9, cached=false, source=0, resourceid=0xfff9e2f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED876E587, sigsha=d261a17157894a3c05a4ec6f9d0e644a795c0f9a, cached=false, source=0, resourceid=0x553c565b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0FA70874, sigsha=87a9ff92dc9cd909cc384d73872e8f07c7e59b1e, cached=false, source=0, resourceid=0x553c565b
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-12-07T13:09:05.128Z [Cloud] Engine is requesting config to do cloud query [regular network].
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC8172FA9, sigsha=4862066936ed22ee092e79de99b169746909d699, cached=false, source=0, resourceid=0xf5572db6
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED876E587, sigsha=d261a17157894a3c05a4ec6f9d0e644a795c0f9a, cached=false, source=0, resourceid=0xea502a63
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.127Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-07T13:09:26.142Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-12-07T13:09:26.205Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-07-2023 14:09:26 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-17-2023 10:58:28
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/17/2023 09:58:28.934220600 UTC (8687 ms since boot)
2023-12-17T09:58:28.931Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-12-17T09:58:28.931Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231217-105828-00000003-ffffffff.bin ...
2023-12-17T09:58:28.931Z [WPP] Trace session started - WdoWppTracing-20231217-105828-00000003-ffffffff.bin
2023-12-17T09:58:28.931Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-12-17T09:58:28.931Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-12-17T09:58:28.931Z Service is asked to be reenabled.
2023-12-17T09:58:28.931Z Task(-EnableService) launched
2023-12-17T09:58:28.947Z Loaded module#0 MpComServer.
2023-12-17T09:58:28.947Z Loading engine...
2023-12-17T09:58:29.041Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{4D96571D-55C2-4F4C-A31E-8D86A219AE51}
2023-12-17T09:58:29.119Z Verifying engine and signature files (source: 0) ...
2023-12-17T09:58:29.134Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{E1E6F92A-029A-4CC2-BA84-8000A58847E0}\mpengine.dll]
2023-12-17T09:58:29.197Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{E1E6F92A-029A-4CC2-BA84-8000A58847E0}\mpasbase.vdm]
2023-12-17T09:58:29.212Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{E1E6F92A-029A-4CC2-BA84-8000A58847E0}\mpasdlta.vdm]
2023-12-17T09:58:29.244Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{E1E6F92A-029A-4CC2-BA84-8000A58847E0}\mpavbase.vdm]
2023-12-17T09:58:29.244Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{E1E6F92A-029A-4CC2-BA84-8000A58847E0}\mpavdlta.vdm]
Database:
2023-12-17T09:58:29.275Z Can't find offline cache cache (E:\WINDOWS\Microsoft Antimalware\Scans\mpcache-7B558DD2517F45D3CECF92323D41CD47AD32C731.bin): 0x00000002
IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b
IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d
IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-12-17T09:58:32.290Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-17T09:58:32.305Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-12-17T09:58:32.305Z CSignatureStatus: back to good
2023-12-17T09:58:32.305Z [Engine] Loaded E:\WINDOWS\Microsoft Antimalware\Definition Updates\{E1E6F92A-029A-4CC2-BA84-8000A58847E0}
2023-12-17T09:58:32.305Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{4D96571D-55C2-4F4C-A31E-8D86A219AE51} ...
2023-12-17T09:58:32.305Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{7EFA5ECE-AE11-45C3-9174-F1E142212188} ...
2023-12-17T09:58:32.305Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 12-17-2023 10:58:32
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.640.0
AV Signature Version: 1.403.640.0
************************************************************
2023-12-17T09:58:32.305Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{4D96571D-55C2-4F4C-A31E-8D86A219AE51}
2023-12-17T09:58:32.305Z Engine loaded!
2023-12-17T09:58:32.305Z Verifying license file...
2023-12-17T09:58:32.321Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-12-17T09:58:32.321Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.640.0
AV Signature Version: 1.403.640.0
************************************************************
2023-12-17T09:58:32.977Z MpManagerEnable: setting DisableAS to 0 ...
2023-12-17T09:58:32.977Z MpManagerEnable: setting DisableAV to 0 ...
2023-12-17T09:58:32.977Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000108047104308, sigsha=9996b2d1a9b9239b72ae2ea763b71fb8d30def61, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72E0FC5F, sigsha=c8ac6bd921e3aaff934d47f169f8fa933c7cd938, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA98ED284, sigsha=198c64dc1fe65d96700b19dab54b073ae7c2e8d8, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E81EA8724, sigsha=53fc5536af205e3504aa3a84b11a6c2bfcd971a6, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000055584077371, sigsha=847de3f39cfd85a781665ee755bc7e1524def11a, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000108038338C70, sigsha=5a0eb526c0a7e4bea625b6d4bde9a287b2be8881, cached=false, source=0, resourceid=0x4eff4ae0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6E1F5A58, sigsha=d0744d6de344d8d591c15b81a99b127a6a3c05ad, cached=false, source=0, resourceid=0x9b95a5b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0FA70874, sigsha=87a9ff92dc9cd909cc384d73872e8f07c7e59b1e, cached=false, source=0, resourceid=0x9b95a5b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6BC00978, sigsha=89d3c3102ed1b1e511b94ab8ea417676f7683ae1, cached=false, source=0, resourceid=0x348edc88
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6BC00978, sigsha=89d3c3102ed1b1e511b94ab8ea417676f7683ae1, cached=false, source=0, resourceid=0xdfb15e78
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF3D6D82, sigsha=b7fea1877430e0f1535794b2e6ac9171ed72103e, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6CF31ED7, sigsha=16c9ffa2cc2cd082e9533ca744bfde0ae3862163, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA80D2120, sigsha=b325ffa4c13b81bc63c0ea8d8b5653f8a184d350, cached=false, source=0, resourceid=0x01fe7779
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC3B36C98, sigsha=978f333ac4c8da50a64b989d3dce52a5556ea233, cached=false, source=0, resourceid=0xeea5e8c2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2FC029CB, sigsha=9692474e8263a14739fbd52975b94fbf24ae9d20, cached=false, source=0, resourceid=0x3a64ab1b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E90573C0C, sigsha=b60c1ad184fbcba8c2a993fe3a6ef0097ac7e37e, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECC841817, sigsha=e0711b33d07f7208d418b8403c3a38072fc987ff, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E42057F1F, sigsha=5d27ebdaaf11c6a160a56c2c74b09fc2f7d21533, cached=false, source=0, resourceid=0x2c29a686
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=false, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9FFF7E88, sigsha=f3ff9e037920266c82e8cd27d13af4bb9bf082d8, cached=false, source=0, resourceid=0x59ff5552
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB57753C6, sigsha=17a3663ab1f1a6646eeb54cd914c4f64477f52e4, cached=false, source=0, resourceid=0x03b5a549
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3D28AAC, sigsha=f710c89645f9cae691af57ceaa35f736887e7564, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4A7BB2E7, sigsha=e9933cb6c6f750caa0cffffb9311f3c07c4b9c56, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000055543D5839C, sigsha=acf86560bd9a1f7114b23fc30df95ef5545c0f94, cached=false, source=0, resourceid=0x1226cea7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE70F6EDF, sigsha=9bb47b7f7f92e8a054071075078091aecc68d0e3, cached=false, source=0, resourceid=0xb60a192f
Internal signature match:subtype=Lowfi, sigseq=0x000005556D2204AA, sigsha=017069df02e1a59877c9ed0002348ab264d4fe60, cached=false, source=0, resourceid=0xa2a709fd
Internal signature match:subtype=Lowfi, sigseq=0x0000108047104308, sigsha=9996b2d1a9b9239b72ae2ea763b71fb8d30def61, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000055584077371, sigsha=847de3f39cfd85a781665ee755bc7e1524def11a, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE360FF2, sigsha=e65bc491bb0bc0ed271fcd72e0bb399aa91d6939, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05446831, sigsha=5bb8aa155a43deb5285ae3efeaf65bc6003bffad, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E07C92DEB, sigsha=bc21176c0efe7ea48c495e45b8ae31bd830288ba, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE2DAFFDE, sigsha=795ab76c6f26b99ca01999b735330d6ac381946d, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E081657CF, sigsha=2bee3862ce601f666f825e70ac66eb7f3af29b59, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E52DDCDEA, sigsha=3b93f1803b49ef19e78cdb5b0eb394ac1d5f5f58, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECED57273, sigsha=f96f441e2b6c6c3a6f5452714e2e8120c9f5e1a5, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4CB91A4D, sigsha=d7fd7bd446683d7e47590b9c811ab46b0493ee04, cached=false, source=0, resourceid=0x3bc48288
2023-12-17T09:59:28.938Z Process scan (postsignatureupdatescan) started.
2023-12-17T09:59:29.016Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7C05CE6, sigsha=8633861b30ffa01d5c0143c88b07d2786f5f8e02, cached=false, source=0, resourceid=0x48e8e4d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A1F1565, sigsha=b1d4bfa0e3fca8ab799702a7c40c2bd5bce78559, cached=false, source=0, resourceid=0x9723640c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBCA134AE, sigsha=4ef97bb95078f1ebdfe7fa58e34d444ba9eb226c, cached=false, source=0, resourceid=0xb4124f31
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED252391F, sigsha=cf54332356751ee0ef4d758d1d3633544e7d38e6, cached=false, source=0, resourceid=0x9cc6f55f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7613972F, sigsha=29107c2cd590d8fcbdcff703d82e67caaf58392a, cached=false, source=0, resourceid=0xd3cbf888
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0CE8C54C, sigsha=9da2eda987d787aba801d34e17068fc19ff865e8, cached=false, source=0, resourceid=0x06313dde
Internal signature match:subtype=Lowfi, sigseq=0x0000157EADD83950, sigsha=64812731acbc5147b58095d16c2ecb42bda958b0, cached=false, source=0, resourceid=0xf6522ae7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E80A87E5F, sigsha=1e183491c8b128db444b9b47751758ecdd88ad59, cached=false, source=0, resourceid=0xf6522ae7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E6D36B0, sigsha=05ab065ef233a5959941b7d1fd5a931b256dea2c, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B6B53F9, sigsha=c39a90ed2e8c36037ac27e13e43d00d7831ddf18, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157EED97B59B, sigsha=f98bb8b2042f4c308aadb6a020bb05f6ed6c7ba4, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDD91E00, sigsha=462f50f79e320d0b4a41514db5ee9db0575032f9, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB66F9C5A, sigsha=e520dcc80f04af8a1ef85a9cee017f019f07eed0, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45FA8CCF, sigsha=6b1ec3b2277b9425f1bc05d5e47226e474f44a37, cached=false, source=0, resourceid=0x851bd22e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFFD01EE2, sigsha=eb9bac5b900f344b6fbb364e75063bbcda662881, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3BC59A75, sigsha=d77e7a09dbd2352dfe79a01da5e9444706523a3c, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E95EB6C11, sigsha=0025d7ed432e84a93695cb044ab0591c32888ebc, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E77C87D63, sigsha=0804f357827c8ef4f53ed4b1857ef52172ea7424, cached=false, source=0, resourceid=0x4fcfa563
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=false, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E300CD560, sigsha=52f626168fb9d4518762da5a8f42fe69393434ef, cached=false, source=0, resourceid=0xe95114cd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E36E6F30E, sigsha=c965363c18a6183f679bbf60b62d4ee15f2b8eb1, cached=false, source=0, resourceid=0xe8010bd2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=false, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0C4E9B58, sigsha=de997c447f616102b87a98851e54cd5b71b85c2d, cached=false, source=0, resourceid=0xe9912485
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED7A2B5C6, sigsha=cb44b508fa5918cb908c161a2d83d0ce006445ec, cached=false, source=0, resourceid=0xe95d689d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1FADD701, sigsha=edfebed220167445f52b7a4ee7ae35e4407cf263, cached=false, source=0, resourceid=0xe95d689d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9607E046, sigsha=ac2c83b4e1fc9c2d3fbdf0a25159e9339baa5820, cached=false, source=0, resourceid=0x9680057e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBF0C7B71, sigsha=23a9b9cd3cd596d6987b9083acb607f26b0ca07f, cached=false, source=0, resourceid=0x93f8b95f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E01D1F404, sigsha=5109d3e15063dfdcf46ebd8792ddf2397f3dfbdf, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBABF6B6B, sigsha=5e7cafc29da9e7cf4fb47d0f48bd324fe6572af7, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B79221F, sigsha=a0bfe47c8c35f3ce2923ff89e84270f8d5d2997f, cached=false, source=0, resourceid=0xe5c1199a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE324C7C6, sigsha=845c70a26c55db8c1a85d40d24cfb71689cd711e, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9C8408BD, sigsha=a9006c9616a535e97705ab9acfcaccfa2a68d9d4, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8DADEF34, sigsha=3b78bb042c921bec7822b985bfc4ece7a4218507, cached=false, source=0, resourceid=0x3fb959c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C3914CB, sigsha=0e9345700b4997be1c09d6802235906f8eed8af1, cached=false, source=0, resourceid=0x3fb959c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E50F5E787, sigsha=c72a2dabd50d2900062cdd3a989635f154b2be43, cached=false, source=0, resourceid=0xb216bf8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157EAE9CE044, sigsha=bfc112bd0e84e690ead01ee09b2bcfa732921457, cached=false, source=0, resourceid=0x89700454
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE14DBAC1, sigsha=f3fdf442f77c04493938d10184f2c369cfc14e03, cached=false, source=0, resourceid=0xb87824e7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72DFF324, sigsha=d0414e2ede0e718a47b4ec630b68f3046408692d, cached=false, source=0, resourceid=0x989eddd1
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFECFC92A, sigsha=7b453cffbb5340840a553c82ce1da962a9d89dd8, cached=false, source=0, resourceid=0x4fe75798
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE00DBBD4, sigsha=a33dd9ee184d03d759c4834b5d80f45af51899c4, cached=false, source=0, resourceid=0xeabb8ef3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E491C304B, sigsha=92df020002d1b5985981453b351af2c12ac04ea7, cached=false, source=0, resourceid=0x0adb907b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA6A629FE, sigsha=9ea7bc16d137466f1f8ac86dfe068180c87c46b6, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7699BAE7, sigsha=c56efc63c0efed7d951022aa0a9f30ea7446e3ec, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5AC8BA51, sigsha=22e8ba2ed3bead4a57f4ce7aa821216910655a85, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA93D3A5, sigsha=73dc700b8ce266eedfd9a6a2f1c2bfaa5bd059e2, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E015C5829, sigsha=40fc7a092e9428695e2707762c328f8324160f20, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECA404F30, sigsha=786e2618d76255efb340cc469e50f5b9f12f2c1c, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E33A2CE, sigsha=e88f10ef8748567e241abf7644608c2548f6046e, cached=false, source=0, resourceid=0x9bd94ac8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A92A82D, sigsha=7925237a1fd78f9f1d43da1d7dbf43d85c0cce07, cached=false, source=0, resourceid=0xeecc439b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E27A471C3, sigsha=c699368d1c7dab5e0640adffde320483a20661dc, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB47F9CE5, sigsha=1c7facf1f461c9b7d57e2eec57ff1218af24c228, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED757ABE0, sigsha=52eacf11e585c636264287f53d8eca865fa79583, cached=false, source=0, resourceid=0xb5226e2e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A9C8C91, sigsha=1015a23cb0334428e4bf76c083c4f80420a97aca, cached=false, source=0, resourceid=0x43ccb6bd
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED038E656, sigsha=f7746402adc98d9d2796028e66ad7171d4c07247, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC182D033, sigsha=76e6db047ad873bec8039d1173624da52ffbadd0, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E73E353E2, sigsha=03719bcf6a17011a0c242d7932894002fbeb92bd, cached=false, source=0, resourceid=0xf4b5697b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB29CACD, sigsha=232cce57ecae32ecd4cb0d0e4e05687591c81361, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7DFED8CD, sigsha=f52adaafc077f9f0ceeab8a536f77ca1c3398ee7, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDE346197, sigsha=d5649e6a14b2ef3de6c230a584c08ba5a2086cc4, cached=false, source=0, resourceid=0xceda1946
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED1D33DD4, sigsha=5f32b0f06e3d9c53d943db4bf1013c5cbad6da11, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9800D9B3, sigsha=af9728f053ed27553dc338688b9af1dbe38ed72f, cached=false, source=0, resourceid=0x8511695e
Internal signature match:subtype=Lowfi, sigseq=0x000005553BC4EF32, sigsha=0401730fab8037328ab58c3806d789c718149a11, cached=false, source=0, resourceid=0xce76ae0a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E58D3D69C, sigsha=7653306ed7e4bb4cbd24f4c56ed07ee9fc494284, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE6997222, sigsha=4d13bb30cafc6c8fd4a31fc15b3f3b7ddec16ef0, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94A3B2C3, sigsha=2f666ca6c2f42d78e59f25290c12e3969b432b9d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFDFD540, sigsha=96e096d9d0454966c2c0f5015bd64b36d6d2c565, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7AD4B722, sigsha=91124c3793d9810eb8ecedf8cadf2a46cb634c5d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9D492BAF, sigsha=e90ce058789f2b06cf005d56de0b26f57f1c3736, cached=false, source=0, resourceid=0x67452d98
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=false, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373214B2, sigsha=5ad6bdbbab670a35043649daf11c94f93de515ce, cached=false, source=0, resourceid=0x9525267d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E303AD357, sigsha=aa0a589c24b16ecfb3e60b70feb93b386025b722, cached=false, source=0, resourceid=0x9525267d
Engine:
2023-12-17T10:00:16.093Z Triggered AR EMS scan

Engine:
2023-12-17T10:00:16.093Z EMS scan for process: lsass pid: 800, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.171Z EMS scan for process: svchost pid: 916, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.202Z EMS scan for process: svchost pid: 100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.218Z EMS scan for process: svchost pid: 820, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.265Z EMS scan for process: svchost pid: 824, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.296Z EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.327Z EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.374Z EMS scan for process: svchost pid: 1464, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.405Z EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.421Z EMS scan for process: svchost pid: 1708, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-17T10:00:16.437Z EMS scan for process: svchost pid: 1772, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=true, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=true, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC8172FA9, sigsha=4862066936ed22ee092e79de99b169746909d699, cached=false, source=0, resourceid=0xe5c21c2c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6E1F5A58, sigsha=d0744d6de344d8d591c15b81a99b127a6a3c05ad, cached=false, source=0, resourceid=0xaad28b66
Internal signature match:subtype=Lowfi, sigseq=0x000010808DD9BACA, sigsha=1d2bd2e128afaf92cfadad680073d16f56ff3f37, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x0000108088DED988, sigsha=07a21b7b56166d151006d9e5b55653d6f067dc6a, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x000005550A584201, sigsha=612fc2194d8c99efd2ffc513db4deafbcc6a0b91, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x000010808DD9BACA, sigsha=1d2bd2e128afaf92cfadad680073d16f56ff3f37, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x0000108088DED988, sigsha=07a21b7b56166d151006d9e5b55653d6f067dc6a, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x000005550A584201, sigsha=612fc2194d8c99efd2ffc513db4deafbcc6a0b91, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-12-17T10:01:07.168Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-17T10:01:29.650Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-17T10:01:29.650Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-17T10:01:29.659Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-12-17T10:01:29.753Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-17-2023 11:01:29 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-18-2023 12:17:21
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/18/2023 11:17:21.650981300 UTC (8390 ms since boot)
2023-12-18T11:17:21.636Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-12-18T11:17:21.636Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231218-121721-00000003-ffffffff.bin ...
2023-12-18T11:17:21.651Z [WPP] Trace session started - WdoWppTracing-20231218-121721-00000003-ffffffff.bin
2023-12-18T11:17:21.651Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-12-18T11:17:21.651Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-12-18T11:17:21.651Z Service is asked to be reenabled.
2023-12-18T11:17:21.651Z Task(-EnableService) launched
2023-12-18T11:17:21.667Z Loaded module#0 MpComServer.
2023-12-18T11:17:21.667Z Loading engine...
2023-12-18T11:17:21.761Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{799E3E60-A5E5-4B2D-B009-0FACAD381CEF}
2023-12-18T11:17:21.823Z Verifying engine and signature files (source: 0) ...
2023-12-18T11:17:21.854Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{3D88EF25-F55A-4C2B-9284-E1399450853E}\mpengine.dll]
2023-12-18T11:17:21.901Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{3D88EF25-F55A-4C2B-9284-E1399450853E}\mpasbase.vdm]
2023-12-18T11:17:21.917Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{3D88EF25-F55A-4C2B-9284-E1399450853E}\mpasdlta.vdm]
2023-12-18T11:17:21.948Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{3D88EF25-F55A-4C2B-9284-E1399450853E}\mpavbase.vdm]
2023-12-18T11:17:21.964Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{3D88EF25-F55A-4C2B-9284-E1399450853E}\mpavdlta.vdm]
Database:
2023-12-18T11:17:21.995Z Can't find offline cache cache (E:\WINDOWS\Microsoft Antimalware\Scans\mpcache-6AD15FDA7FADF7BA69FAF54EBC79A95D986054B8.bin): 0x00000002
IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b
IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d
IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-12-18T11:17:25.010Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-18T11:17:25.010Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-12-18T11:17:25.010Z CSignatureStatus: back to good
2023-12-18T11:17:25.010Z [Engine] Loaded E:\WINDOWS\Microsoft Antimalware\Definition Updates\{3D88EF25-F55A-4C2B-9284-E1399450853E}
2023-12-18T11:17:25.010Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{799E3E60-A5E5-4B2D-B009-0FACAD381CEF} ...
2023-12-18T11:17:25.010Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{E1E6F92A-029A-4CC2-BA84-8000A58847E0} ...
2023-12-18T11:17:25.025Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 12-18-2023 12:17:25
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.693.0
AV Signature Version: 1.403.693.0
************************************************************
2023-12-18T11:17:25.025Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{799E3E60-A5E5-4B2D-B009-0FACAD381CEF}
2023-12-18T11:17:25.025Z Engine loaded!
2023-12-18T11:17:25.025Z Verifying license file...
2023-12-18T11:17:25.025Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-12-18T11:17:25.025Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.693.0
AV Signature Version: 1.403.693.0
************************************************************
2023-12-18T11:17:25.697Z MpManagerEnable: setting DisableAS to 0 ...
2023-12-18T11:17:25.697Z MpManagerEnable: setting DisableAV to 0 ...
2023-12-18T11:17:25.697Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
2023-12-18T11:18:21.663Z Process scan (postsignatureupdatescan) started.
2023-12-18T11:18:21.762Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED757ABE0, sigsha=52eacf11e585c636264287f53d8eca865fa79583, cached=false, source=0, resourceid=0xb5226e2e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A9C8C91, sigsha=1015a23cb0334428e4bf76c083c4f80420a97aca, cached=false, source=0, resourceid=0x43ccb6bd
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7167D96, sigsha=53d1206d7ef8395ad60d2bf25c94bb12592cb92f, cached=false, source=0, resourceid=0xa347a585
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED038E656, sigsha=f7746402adc98d9d2796028e66ad7171d4c07247, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC182D033, sigsha=76e6db047ad873bec8039d1173624da52ffbadd0, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED69DAE76, sigsha=bfbca77d8b0e5096f21c995d0a25eb8bb876c1a7, cached=false, source=0, resourceid=0x3d2125f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1C3ABF7F, sigsha=6faf72d8664700aae95427952a70f17ac61331b1, cached=false, source=0, resourceid=0xd983ccd5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E73E353E2, sigsha=03719bcf6a17011a0c242d7932894002fbeb92bd, cached=false, source=0, resourceid=0xf4b5697b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB29CACD, sigsha=232cce57ecae32ecd4cb0d0e4e05687591c81361, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7DFED8CD, sigsha=f52adaafc077f9f0ceeab8a536f77ca1c3398ee7, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDE346197, sigsha=d5649e6a14b2ef3de6c230a584c08ba5a2086cc4, cached=false, source=0, resourceid=0xceda1946
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED1D33DD4, sigsha=5f32b0f06e3d9c53d943db4bf1013c5cbad6da11, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9800D9B3, sigsha=af9728f053ed27553dc338688b9af1dbe38ed72f, cached=false, source=0, resourceid=0x8511695e
Internal signature match:subtype=Lowfi, sigseq=0x000005553BC4EF32, sigsha=0401730fab8037328ab58c3806d789c718149a11, cached=false, source=0, resourceid=0xce76ae0a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E58D3D69C, sigsha=7653306ed7e4bb4cbd24f4c56ed07ee9fc494284, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE6997222, sigsha=4d13bb30cafc6c8fd4a31fc15b3f3b7ddec16ef0, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94A3B2C3, sigsha=2f666ca6c2f42d78e59f25290c12e3969b432b9d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFDFD540, sigsha=96e096d9d0454966c2c0f5015bd64b36d6d2c565, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7AD4B722, sigsha=91124c3793d9810eb8ecedf8cadf2a46cb634c5d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9D492BAF, sigsha=e90ce058789f2b06cf005d56de0b26f57f1c3736, cached=false, source=0, resourceid=0x67452d98
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC73DC711, sigsha=18c63aa1b7401fd94a9cce039a935d3a734826ef, cached=false, source=0, resourceid=0x48f913cb
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=false, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373214B2, sigsha=5ad6bdbbab670a35043649daf11c94f93de515ce, cached=false, source=0, resourceid=0x9525267d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E303AD357, sigsha=aa0a589c24b16ecfb3e60b70feb93b386025b722, cached=false, source=0, resourceid=0x9525267d
Engine:
2023-12-18T11:19:08.409Z Triggered AR EMS scan

Engine:
2023-12-18T11:19:08.409Z EMS scan for process: lsass pid: 804, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.487Z EMS scan for process: svchost pid: 912, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.518Z EMS scan for process: svchost pid: 100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.534Z EMS scan for process: svchost pid: 736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.596Z EMS scan for process: svchost pid: 788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.612Z EMS scan for process: svchost pid: 1064, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.643Z EMS scan for process: svchost pid: 1184, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.690Z EMS scan for process: svchost pid: 1484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.721Z EMS scan for process: svchost pid: 1580, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.737Z EMS scan for process: svchost pid: 1736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-18T11:19:08.768Z EMS scan for process: svchost pid: 1800, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=true, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=true, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=true, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBDB65BFD, sigsha=4b77ffd1bb179078b95f7ec38146552cf106adba, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F9DB65D, sigsha=ef1d395f28a8508cc4a86db7a6be4c75d4addfe1, cached=true, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1861DA5B, sigsha=76249576560cd5ab321af33c62a22bb3fcb7a7aa, cached=true, source=0, resourceid=0xbd4c5b97
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E96550BA4, sigsha=2cdfe2ad69f0ec1b447e859f09821f3887b66d47, cached=true, source=0, resourceid=0xce08b410
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98A01513, sigsha=ef7806d4b860b3c08806514cc19b3043411796fa, cached=false, source=0, resourceid=0xbd101bb6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E31B92500, sigsha=77ec830a8a36bfe7b4651e213b11e7b1f7f8a3f1, cached=false, source=0, resourceid=0x78429977
Internal signature match:subtype=Lowfi, sigseq=0x000010808DD9BACA, sigsha=1d2bd2e128afaf92cfadad680073d16f56ff3f37, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x0000108088DED988, sigsha=07a21b7b56166d151006d9e5b55653d6f067dc6a, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x000005550A584201, sigsha=612fc2194d8c99efd2ffc513db4deafbcc6a0b91, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDA0E220, sigsha=1a12f8bea17fe15443a88acb7ca7b2a7e66453ee, cached=false, source=0, resourceid=0x5c196bc9
Internal signature match:subtype=Lowfi, sigseq=0x000010808DD9BACA, sigsha=1d2bd2e128afaf92cfadad680073d16f56ff3f37, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x0000108088DED988, sigsha=07a21b7b56166d151006d9e5b55653d6f067dc6a, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x000005550A584201, sigsha=612fc2194d8c99efd2ffc513db4deafbcc6a0b91, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E23F826F2, sigsha=c9087d971869d9092267c1ba38f2133764f74f10, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E23F826F2, sigsha=c9087d971869d9092267c1ba38f2133764f74f10, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-12-18T11:19:58.643Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.655Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-18T11:20:19.670Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-12-18T11:20:19.670Z On demand scan closed without completion. Current scan state: 1. ScanSource: 7, Scan flags:0x10050004. NumberOfResources:88. bRemoveFromList:1
2023-12-18T11:20:19.780Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-18-2023 12:20:19 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-19-2023 10:14:29
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/19/2023 09:14:29.800235000 UTC (8562 ms since boot)
2023-12-19T09:14:29.795Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-12-19T09:14:29.795Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231219-101429-00000003-ffffffff.bin ...
2023-12-19T09:14:29.795Z [WPP] Trace session started - WdoWppTracing-20231219-101429-00000003-ffffffff.bin
2023-12-19T09:14:29.795Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-12-19T09:14:29.795Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-12-19T09:14:29.795Z Service is asked to be reenabled.
2023-12-19T09:14:29.795Z Task(-EnableService) launched
2023-12-19T09:14:29.811Z Loaded module#0 MpComServer.
2023-12-19T09:14:29.811Z Loading engine...
2023-12-19T09:14:29.936Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{7EDA05BF-A4C5-4AC1-957B-ECCC2DCC2008}
2023-12-19T09:14:30.014Z Verifying engine and signature files (source: 0) ...
2023-12-19T09:14:30.045Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AC16D5CA-2423-4711-BBC1-12498DC650C5}\mpengine.dll]
2023-12-19T09:14:30.092Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AC16D5CA-2423-4711-BBC1-12498DC650C5}\mpasbase.vdm]
2023-12-19T09:14:30.108Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AC16D5CA-2423-4711-BBC1-12498DC650C5}\mpasdlta.vdm]
2023-12-19T09:14:30.139Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AC16D5CA-2423-4711-BBC1-12498DC650C5}\mpavbase.vdm]
2023-12-19T09:14:30.139Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AC16D5CA-2423-4711-BBC1-12498DC650C5}\mpavdlta.vdm]
Database:
2023-12-19T09:14:30.170Z Can't find offline cache cache (E:\WINDOWS\Microsoft Antimalware\Scans\mpcache-B105BB91A40F6AD50DF3078C1ABAF9B61F86B27E.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-12-19T09:14:33.185Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-19T09:14:33.201Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-12-19T09:14:33.201Z CSignatureStatus: back to good
2023-12-19T09:14:33.201Z [Engine] Loaded E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AC16D5CA-2423-4711-BBC1-12498DC650C5}
2023-12-19T09:14:33.201Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{3D88EF25-F55A-4C2B-9284-E1399450853E} ...
2023-12-19T09:14:33.201Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{7EDA05BF-A4C5-4AC1-957B-ECCC2DCC2008} ...
2023-12-19T09:14:33.201Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 12-19-2023 10:14:33
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.756.0
AV Signature Version: 1.403.756.0
************************************************************
2023-12-19T09:14:33.201Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{7EDA05BF-A4C5-4AC1-957B-ECCC2DCC2008}
2023-12-19T09:14:33.201Z Engine loaded!
2023-12-19T09:14:33.217Z Verifying license file...
2023-12-19T09:14:33.217Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-12-19T09:14:33.217Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.756.0
AV Signature Version: 1.403.756.0
************************************************************
2023-12-19T09:14:33.842Z MpManagerEnable: setting DisableAS to 0 ...
2023-12-19T09:14:33.842Z MpManagerEnable: setting DisableAV to 0 ...
2023-12-19T09:14:33.842Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000108047104308, sigsha=9996b2d1a9b9239b72ae2ea763b71fb8d30def61, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72E0FC5F, sigsha=c8ac6bd921e3aaff934d47f169f8fa933c7cd938, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA98ED284, sigsha=198c64dc1fe65d96700b19dab54b073ae7c2e8d8, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E81EA8724, sigsha=53fc5536af205e3504aa3a84b11a6c2bfcd971a6, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000055584077371, sigsha=847de3f39cfd85a781665ee755bc7e1524def11a, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000108038338C70, sigsha=5a0eb526c0a7e4bea625b6d4bde9a287b2be8881, cached=false, source=0, resourceid=0x4eff4ae0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF3D6D82, sigsha=b7fea1877430e0f1535794b2e6ac9171ed72103e, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6CF31ED7, sigsha=16c9ffa2cc2cd082e9533ca744bfde0ae3862163, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA80D2120, sigsha=b325ffa4c13b81bc63c0ea8d8b5653f8a184d350, cached=false, source=0, resourceid=0x01fe7779
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC3B36C98, sigsha=978f333ac4c8da50a64b989d3dce52a5556ea233, cached=false, source=0, resourceid=0xeea5e8c2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17D80484, sigsha=112401fd3d9456ef10091a40f6dee0e347a921e0, cached=false, source=0, resourceid=0x581327ea
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2FC029CB, sigsha=9692474e8263a14739fbd52975b94fbf24ae9d20, cached=false, source=0, resourceid=0x3a64ab1b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E90573C0C, sigsha=b60c1ad184fbcba8c2a993fe3a6ef0097ac7e37e, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECC841817, sigsha=e0711b33d07f7208d418b8403c3a38072fc987ff, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E63932B80, sigsha=2d53ae41a039f458bf9f8c127e3e53fd412f055b, cached=false, source=0, resourceid=0x4fa8d9f2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E42057F1F, sigsha=5d27ebdaaf11c6a160a56c2c74b09fc2f7d21533, cached=false, source=0, resourceid=0x2c29a686
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=false, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9FFF7E88, sigsha=f3ff9e037920266c82e8cd27d13af4bb9bf082d8, cached=false, source=0, resourceid=0x59ff5552
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB57753C6, sigsha=17a3663ab1f1a6646eeb54cd914c4f64477f52e4, cached=false, source=0, resourceid=0x03b5a549
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF504A3A9, sigsha=8818296d48fe68b215bd8183c3c0ae8afb70a38b, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3D28AAC, sigsha=f710c89645f9cae691af57ceaa35f736887e7564, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4A7BB2E7, sigsha=e9933cb6c6f750caa0cffffb9311f3c07c4b9c56, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000055543D5839C, sigsha=acf86560bd9a1f7114b23fc30df95ef5545c0f94, cached=false, source=0, resourceid=0x1226cea7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3C2D24A4, sigsha=4b72c4f248c845fc31a403e524501a9251ece9f6, cached=false, source=0, resourceid=0xb60a192f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE70F6EDF, sigsha=9bb47b7f7f92e8a054071075078091aecc68d0e3, cached=false, source=0, resourceid=0xb60a192f
Internal signature match:subtype=Lowfi, sigseq=0x000005556D2204AA, sigsha=017069df02e1a59877c9ed0002348ab264d4fe60, cached=false, source=0, resourceid=0xa2a709fd
Internal signature match:subtype=Lowfi, sigseq=0x0000108047104308, sigsha=9996b2d1a9b9239b72ae2ea763b71fb8d30def61, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000055584077371, sigsha=847de3f39cfd85a781665ee755bc7e1524def11a, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE360FF2, sigsha=e65bc491bb0bc0ed271fcd72e0bb399aa91d6939, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05446831, sigsha=5bb8aa155a43deb5285ae3efeaf65bc6003bffad, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E19881DD0, sigsha=f02cc3fa251dc5c0d58a0f43387f763305b9cdd4, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E07C92DEB, sigsha=bc21176c0efe7ea48c495e45b8ae31bd830288ba, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1851F6F0, sigsha=347191cc63939eb11174f62ea8cf9ff25e119e4b, cached=false, source=0, resourceid=0x9caced11
Internal signature match:subtype=Lowfi, sigseq=0x0000157E25878D8B, sigsha=86062c71080e37753c3921ca74e99b1c896d5ddf, cached=false, source=0, resourceid=0x9caced11
Internal signature match:subtype=Lowfi, sigseq=0x0000157E21A9C807, sigsha=425dad1a99cb275e076d3f1889503c011cbc8ad0, cached=false, source=0, resourceid=0x9caced11
Internal signature match:subtype=Lowfi, sigseq=0x0000157E50A591FE, sigsha=c26d87d8e9b133cfdfe761581629883738ea8128, cached=false, source=0, resourceid=0xbc8a9aeb
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C18D1AB, sigsha=37b9385e670e39275ebe9230032ae7df0b35054c, cached=false, source=0, resourceid=0x90410ea5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C18D1AB, sigsha=37b9385e670e39275ebe9230032ae7df0b35054c, cached=false, source=0, resourceid=0x2189618e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E611C3203, sigsha=192065e741eabb332688d0c8eef88d40c36c00e8, cached=false, source=0, resourceid=0x786bd6f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE2DAFFDE, sigsha=795ab76c6f26b99ca01999b735330d6ac381946d, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E081657CF, sigsha=2bee3862ce601f666f825e70ac66eb7f3af29b59, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFBE10215, sigsha=157a4fb1e9b45247a7bc8ede893b9c4391485faf, cached=false, source=0, resourceid=0x7f604d08
Internal signature match:subtype=Lowfi, sigseq=0x0000157E52DDCDEA, sigsha=3b93f1803b49ef19e78cdb5b0eb394ac1d5f5f58, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECED57273, sigsha=f96f441e2b6c6c3a6f5452714e2e8120c9f5e1a5, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4CB91A4D, sigsha=d7fd7bd446683d7e47590b9c811ab46b0493ee04, cached=false, source=0, resourceid=0x3bc48288
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7C05CE6, sigsha=8633861b30ffa01d5c0143c88b07d2786f5f8e02, cached=false, source=0, resourceid=0x48e8e4d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7EAA2C81, sigsha=3e93e7d69f9a38341b96b412e8fc46226c47faf4, cached=false, source=0, resourceid=0x3f0f3bf1
2023-12-19T09:15:29.813Z Process scan (postsignatureupdatescan) started.
2023-12-19T09:15:29.911Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A1F1565, sigsha=b1d4bfa0e3fca8ab799702a7c40c2bd5bce78559, cached=false, source=0, resourceid=0x9723640c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8390134B, sigsha=2a38d0982d7ce1d485cbf8e06ad1d2ba76022e52, cached=false, source=0, resourceid=0x9723640c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBCA134AE, sigsha=4ef97bb95078f1ebdfe7fa58e34d444ba9eb226c, cached=false, source=0, resourceid=0xb4124f31
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED252391F, sigsha=cf54332356751ee0ef4d758d1d3633544e7d38e6, cached=false, source=0, resourceid=0x9cc6f55f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7613972F, sigsha=29107c2cd590d8fcbdcff703d82e67caaf58392a, cached=false, source=0, resourceid=0xd3cbf888
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6EBF6E74, sigsha=2cd68840fb06648936d31e6431deea57a25bfd34, cached=false, source=0, resourceid=0x06313dde
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0CE8C54C, sigsha=9da2eda987d787aba801d34e17068fc19ff865e8, cached=false, source=0, resourceid=0x06313dde
Internal signature match:subtype=Lowfi, sigseq=0x0000157EADD83950, sigsha=64812731acbc5147b58095d16c2ecb42bda958b0, cached=false, source=0, resourceid=0xf6522ae7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E80A87E5F, sigsha=1e183491c8b128db444b9b47751758ecdd88ad59, cached=false, source=0, resourceid=0xf6522ae7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2EEC5699, sigsha=b7658bcb5973db1b2c2409226306fb43b991cc00, cached=false, source=0, resourceid=0xbcc178b3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB65F9477, sigsha=87218037858ff0f58f98ef47742d95c800b08e2a, cached=false, source=0, resourceid=0x0e44109d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5DE0A9F4, sigsha=b0be48e528e9bdbde1e1499e1d4fb54b5f2a7d23, cached=false, source=0, resourceid=0xa80802cd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E96550BA4, sigsha=2cdfe2ad69f0ec1b447e859f09821f3887b66d47, cached=false, source=0, resourceid=0xce08b410
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFEE07FFC, sigsha=a5c029105f5f93af2f9c48c17024f08c2ff0f1b5, cached=false, source=0, resourceid=0xb9e7261a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4FFAF59, sigsha=3f54dca11321da2b3091e56839ae59c425e546fd, cached=false, source=0, resourceid=0x671ef7e7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E6D36B0, sigsha=05ab065ef233a5959941b7d1fd5a931b256dea2c, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B6B53F9, sigsha=c39a90ed2e8c36037ac27e13e43d00d7831ddf18, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157EED97B59B, sigsha=f98bb8b2042f4c308aadb6a020bb05f6ed6c7ba4, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDD91E00, sigsha=462f50f79e320d0b4a41514db5ee9db0575032f9, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB66F9C5A, sigsha=e520dcc80f04af8a1ef85a9cee017f019f07eed0, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45FA8CCF, sigsha=6b1ec3b2277b9425f1bc05d5e47226e474f44a37, cached=false, source=0, resourceid=0x851bd22e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFFD01EE2, sigsha=eb9bac5b900f344b6fbb364e75063bbcda662881, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3BC59A75, sigsha=d77e7a09dbd2352dfe79a01da5e9444706523a3c, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E95EB6C11, sigsha=0025d7ed432e84a93695cb044ab0591c32888ebc, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB426EB12, sigsha=c07be9ce36b9dccaef4b33da9ceec08f4bfe970d, cached=false, source=0, resourceid=0x97317a98
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7E6B360C, sigsha=d3ce8cb287f9a5c256c1a27b1e1c297bec6ce574, cached=false, source=0, resourceid=0x915d10c1
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3800EC2, sigsha=fbe55ce2e035227ae790f9bc31257dee5228d81e, cached=false, source=0, resourceid=0x915d10c1
Internal signature match:subtype=Lowfi, sigseq=0x0000157E504F3F20, sigsha=8c20f99b27c690a3bdf9f2c60015dd89568e7096, cached=false, source=0, resourceid=0x4fcfa563
Internal signature match:subtype=Lowfi, sigseq=0x0000157E77C87D63, sigsha=0804f357827c8ef4f53ed4b1857ef52172ea7424, cached=false, source=0, resourceid=0x4fcfa563
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBDB65BFD, sigsha=4b77ffd1bb179078b95f7ec38146552cf106adba, cached=false, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=false, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDF1859DE, sigsha=40c3a759f89e1551f6569dea8bcfb628fcac516b, cached=false, source=0, resourceid=0xe95114cd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E300CD560, sigsha=52f626168fb9d4518762da5a8f42fe69393434ef, cached=false, source=0, resourceid=0xe95114cd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1861DA5B, sigsha=76249576560cd5ab321af33c62a22bb3fcb7a7aa, cached=false, source=0, resourceid=0xbd4c5b97
Internal signature match:subtype=Lowfi, sigseq=0x0000157E31619201, sigsha=b9467c748ff8389e24df567db7926489410f4a7f, cached=false, source=0, resourceid=0xe8010bd2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E36E6F30E, sigsha=c965363c18a6183f679bbf60b62d4ee15f2b8eb1, cached=false, source=0, resourceid=0xe8010bd2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=false, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0C4E9B58, sigsha=de997c447f616102b87a98851e54cd5b71b85c2d, cached=false, source=0, resourceid=0xe9912485
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFB2CF037, sigsha=ac7ede13732aa9d95e5fd1b974c8d1fc106831fb, cached=false, source=0, resourceid=0x802168eb
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECA23F707, sigsha=8957c0f87995f3e1aedca7151ceb3d6a66c9bbcb, cached=false, source=0, resourceid=0xe634cbb6
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED7A2B5C6, sigsha=cb44b508fa5918cb908c161a2d83d0ce006445ec, cached=false, source=0, resourceid=0xe95d689d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1FADD701, sigsha=edfebed220167445f52b7a4ee7ae35e4407cf263, cached=false, source=0, resourceid=0xe95d689d
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC47A0ED1, sigsha=808d88b156b83a39f2b285c1d4485bd9fb292adf, cached=false, source=0, resourceid=0xba0c48e8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9607E046, sigsha=ac2c83b4e1fc9c2d3fbdf0a25159e9339baa5820, cached=false, source=0, resourceid=0x9680057e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C6B5A85, sigsha=5fc5d13d43ca14154d4cd173923a92ddb4770917, cached=false, source=0, resourceid=0xe3b312a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E54645BFE, sigsha=0e8f25c15a9d07e93a250fca6602de8c875d6827, cached=false, source=0, resourceid=0x93f8b95f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBF0C7B71, sigsha=23a9b9cd3cd596d6987b9083acb607f26b0ca07f, cached=false, source=0, resourceid=0x93f8b95f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E01D1F404, sigsha=5109d3e15063dfdcf46ebd8792ddf2397f3dfbdf, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2C607C2A, sigsha=2495838352ec93d90c7fb910f7eb11292d1d0a35, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBABF6B6B, sigsha=5e7cafc29da9e7cf4fb47d0f48bd324fe6572af7, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B79221F, sigsha=a0bfe47c8c35f3ce2923ff89e84270f8d5d2997f, cached=false, source=0, resourceid=0xe5c1199a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4F80D3C4, sigsha=3675b32e15cbdbbf86f3dfc37306a6791ef71b67, cached=false, source=0, resourceid=0xe5c1199a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE324C7C6, sigsha=845c70a26c55db8c1a85d40d24cfb71689cd711e, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9C8408BD, sigsha=a9006c9616a535e97705ab9acfcaccfa2a68d9d4, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC64F0990, sigsha=83fbf5f83f1209bc3b08917aacb72c867f5bc626, cached=false, source=0, resourceid=0x0d49fbb9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8DADEF34, sigsha=3b78bb042c921bec7822b985bfc4ece7a4218507, cached=false, source=0, resourceid=0x3fb959c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C3914CB, sigsha=0e9345700b4997be1c09d6802235906f8eed8af1, cached=false, source=0, resourceid=0x3fb959c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3529FA76, sigsha=d4f2d53d0e6870144f40541493f2206f75e6fffe, cached=false, source=0, resourceid=0x8aebd00c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E50F5E787, sigsha=c72a2dabd50d2900062cdd3a989635f154b2be43, cached=false, source=0, resourceid=0xb216bf8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF9B52F65, sigsha=5948a68aa6cdef967a8a74ad15f5c68e2148b8be, cached=false, source=0, resourceid=0x8e60bf7d
Internal signature match:subtype=Lowfi, sigseq=0x0000157EAE9CE044, sigsha=bfc112bd0e84e690ead01ee09b2bcfa732921457, cached=false, source=0, resourceid=0x89700454
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBBDCABA6, sigsha=e60d39ce1889903152f9577a5ecf8413eb86d6a3, cached=false, source=0, resourceid=0x3c54d026
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1063B218, sigsha=e152e2dbcf53a0a559e373d1b4f06157e33d215a, cached=false, source=0, resourceid=0xb63e50ce
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE14DBAC1, sigsha=f3fdf442f77c04493938d10184f2c369cfc14e03, cached=false, source=0, resourceid=0xb87824e7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72DFF324, sigsha=d0414e2ede0e718a47b4ec630b68f3046408692d, cached=false, source=0, resourceid=0x989eddd1
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFECFC92A, sigsha=7b453cffbb5340840a553c82ce1da962a9d89dd8, cached=false, source=0, resourceid=0x4fe75798
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE136EADF, sigsha=2ec7089cb7c5cbcbafbc76661bebdea13d717e49, cached=false, source=0, resourceid=0xf7f25d72
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE00DBBD4, sigsha=a33dd9ee184d03d759c4834b5d80f45af51899c4, cached=false, source=0, resourceid=0xeabb8ef3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E491C304B, sigsha=92df020002d1b5985981453b351af2c12ac04ea7, cached=false, source=0, resourceid=0x0adb907b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA6A629FE, sigsha=9ea7bc16d137466f1f8ac86dfe068180c87c46b6, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7699BAE7, sigsha=c56efc63c0efed7d951022aa0a9f30ea7446e3ec, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E717B3D0D, sigsha=1ecab1ed5f55fce743fd99a004804b3d285127d5, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5AC8BA51, sigsha=22e8ba2ed3bead4a57f4ce7aa821216910655a85, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA93D3A5, sigsha=73dc700b8ce266eedfd9a6a2f1c2bfaa5bd059e2, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E015C5829, sigsha=40fc7a092e9428695e2707762c328f8324160f20, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECA404F30, sigsha=786e2618d76255efb340cc469e50f5b9f12f2c1c, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94DED2E8, sigsha=99031b1286f829e82d7cb6be9912f78e368d4d1f, cached=false, source=0, resourceid=0x99a4deda
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6F698215, sigsha=11422559a02d4d507e69ab099e3db5a6d8abdae4, cached=false, source=0, resourceid=0x99a4deda
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E33A2CE, sigsha=e88f10ef8748567e241abf7644608c2548f6046e, cached=false, source=0, resourceid=0x9bd94ac8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A92A82D, sigsha=7925237a1fd78f9f1d43da1d7dbf43d85c0cce07, cached=false, source=0, resourceid=0xeecc439b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E19EF72EE, sigsha=80554e5452aa28dd5f631d8a33bc39f5312681e2, cached=false, source=0, resourceid=0xb95c2a2b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB7845401, sigsha=b1af1768c26a771bcdfb1f6806184ba01ec55776, cached=false, source=0, resourceid=0x137e533a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E802C27F5, sigsha=7212728b1450a196caaf9060f92e492f29840ced, cached=false, source=0, resourceid=0x9baf4033
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8E7C868D, sigsha=06e69f38615b78c45ca21c180b28eaf118ab17e7, cached=false, source=0, resourceid=0x44aad78c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E27A471C3, sigsha=c699368d1c7dab5e0640adffde320483a20661dc, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB47F9CE5, sigsha=1c7facf1f461c9b7d57e2eec57ff1218af24c228, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F9DB65D, sigsha=ef1d395f28a8508cc4a86db7a6be4c75d4addfe1, cached=false, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9811E782, sigsha=090007f25b487a8ca5514aea6ac732ec5083041e, cached=false, source=0, resourceid=0xb981b441
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED757ABE0, sigsha=52eacf11e585c636264287f53d8eca865fa79583, cached=false, source=0, resourceid=0xb5226e2e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A9C8C91, sigsha=1015a23cb0334428e4bf76c083c4f80420a97aca, cached=false, source=0, resourceid=0x43ccb6bd
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7167D96, sigsha=53d1206d7ef8395ad60d2bf25c94bb12592cb92f, cached=false, source=0, resourceid=0xa347a585
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED038E656, sigsha=f7746402adc98d9d2796028e66ad7171d4c07247, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC182D033, sigsha=76e6db047ad873bec8039d1173624da52ffbadd0, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED69DAE76, sigsha=bfbca77d8b0e5096f21c995d0a25eb8bb876c1a7, cached=false, source=0, resourceid=0x3d2125f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1C3ABF7F, sigsha=6faf72d8664700aae95427952a70f17ac61331b1, cached=false, source=0, resourceid=0xd983ccd5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E73E353E2, sigsha=03719bcf6a17011a0c242d7932894002fbeb92bd, cached=false, source=0, resourceid=0xf4b5697b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB29CACD, sigsha=232cce57ecae32ecd4cb0d0e4e05687591c81361, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7DFED8CD, sigsha=f52adaafc077f9f0ceeab8a536f77ca1c3398ee7, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDE346197, sigsha=d5649e6a14b2ef3de6c230a584c08ba5a2086cc4, cached=false, source=0, resourceid=0xceda1946
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED1D33DD4, sigsha=5f32b0f06e3d9c53d943db4bf1013c5cbad6da11, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9800D9B3, sigsha=af9728f053ed27553dc338688b9af1dbe38ed72f, cached=false, source=0, resourceid=0x8511695e
Internal signature match:subtype=Lowfi, sigseq=0x000005553BC4EF32, sigsha=0401730fab8037328ab58c3806d789c718149a11, cached=false, source=0, resourceid=0xce76ae0a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E58D3D69C, sigsha=7653306ed7e4bb4cbd24f4c56ed07ee9fc494284, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE6997222, sigsha=4d13bb30cafc6c8fd4a31fc15b3f3b7ddec16ef0, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94A3B2C3, sigsha=2f666ca6c2f42d78e59f25290c12e3969b432b9d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFDFD540, sigsha=96e096d9d0454966c2c0f5015bd64b36d6d2c565, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7AD4B722, sigsha=91124c3793d9810eb8ecedf8cadf2a46cb634c5d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9D492BAF, sigsha=e90ce058789f2b06cf005d56de0b26f57f1c3736, cached=false, source=0, resourceid=0x67452d98
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC73DC711, sigsha=18c63aa1b7401fd94a9cce039a935d3a734826ef, cached=false, source=0, resourceid=0x48f913cb
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=false, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373214B2, sigsha=5ad6bdbbab670a35043649daf11c94f93de515ce, cached=false, source=0, resourceid=0x9525267d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E303AD357, sigsha=aa0a589c24b16ecfb3e60b70feb93b386025b722, cached=false, source=0, resourceid=0x9525267d
Engine:
2023-12-19T09:16:16.312Z Triggered AR EMS scan

Engine:
2023-12-19T09:16:16.312Z EMS scan for process: lsass pid: 796, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.374Z EMS scan for process: svchost pid: 904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.405Z EMS scan for process: svchost pid: 1020, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.437Z EMS scan for process: svchost pid: 888, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.483Z EMS scan for process: svchost pid: 808, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.515Z EMS scan for process: svchost pid: 1044, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.546Z EMS scan for process: svchost pid: 1168, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.577Z EMS scan for process: svchost pid: 1464, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.608Z EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.640Z EMS scan for process: svchost pid: 1712, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-19T09:16:16.655Z EMS scan for process: svchost pid: 1772, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4A8CCDD, sigsha=3e53e00184fd6042a7f4e4e74424fc89d8dc3930, cached=true, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=true, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=true, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBDB65BFD, sigsha=4b77ffd1bb179078b95f7ec38146552cf106adba, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F9DB65D, sigsha=ef1d395f28a8508cc4a86db7a6be4c75d4addfe1, cached=true, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1861DA5B, sigsha=76249576560cd5ab321af33c62a22bb3fcb7a7aa, cached=true, source=0, resourceid=0xbd4c5b97
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E96550BA4, sigsha=2cdfe2ad69f0ec1b447e859f09821f3887b66d47, cached=true, source=0, resourceid=0xce08b410
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98A01513, sigsha=ef7806d4b860b3c08806514cc19b3043411796fa, cached=false, source=0, resourceid=0xbd101bb6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E31B92500, sigsha=77ec830a8a36bfe7b4651e213b11e7b1f7f8a3f1, cached=false, source=0, resourceid=0x78429977
Internal signature match:subtype=Lowfi, sigseq=0x000010808DD9BACA, sigsha=1d2bd2e128afaf92cfadad680073d16f56ff3f37, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x0000108088DED988, sigsha=07a21b7b56166d151006d9e5b55653d6f067dc6a, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x000005550A584201, sigsha=612fc2194d8c99efd2ffc513db4deafbcc6a0b91, cached=false, source=0, resourceid=0x650575a3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDA0E220, sigsha=1a12f8bea17fe15443a88acb7ca7b2a7e66453ee, cached=false, source=0, resourceid=0x5c196bc9
Internal signature match:subtype=Lowfi, sigseq=0x000010808DD9BACA, sigsha=1d2bd2e128afaf92cfadad680073d16f56ff3f37, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x0000108088DED988, sigsha=07a21b7b56166d151006d9e5b55653d6f067dc6a, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x000005550A584201, sigsha=612fc2194d8c99efd2ffc513db4deafbcc6a0b91, cached=false, source=0, resourceid=0xe662e669
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E23F826F2, sigsha=c9087d971869d9092267c1ba38f2133764f74f10, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E23F826F2, sigsha=c9087d971869d9092267c1ba38f2133764f74f10, cached=true, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-12-19T09:17:07.362Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.311Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-19T09:17:28.327Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-12-19T09:17:28.420Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-19-2023 10:17:28 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-25-2023 08:13:19
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/25/2023 07:13:19.665400700 UTC (8421 ms since boot)
2023-12-25T07:13:19.651Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-12-25T07:13:19.651Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231225-081319-00000003-ffffffff.bin ...
2023-12-25T07:13:19.651Z [WPP] Trace session started - WdoWppTracing-20231225-081319-00000003-ffffffff.bin
2023-12-25T07:13:19.651Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-12-25T07:13:19.651Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-12-25T07:13:19.667Z Service is asked to be reenabled.
2023-12-25T07:13:19.667Z Task(-EnableService) launched
2023-12-25T07:13:19.682Z Loaded module#0 MpComServer.
2023-12-25T07:13:19.682Z Loading engine...
2023-12-25T07:13:19.776Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AE5C31EF-1829-48E8-BA90-8C7ACA1AAD19}
2023-12-25T07:13:19.854Z Verifying engine and signature files (source: 0) ...
2023-12-25T07:13:19.886Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{20EA2F05-F7B6-40A4-B5C2-AEB69B76E1D1}\mpengine.dll]
2023-12-25T07:13:19.932Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{20EA2F05-F7B6-40A4-B5C2-AEB69B76E1D1}\mpasbase.vdm]
2023-12-25T07:13:19.948Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{20EA2F05-F7B6-40A4-B5C2-AEB69B76E1D1}\mpasdlta.vdm]
2023-12-25T07:13:19.979Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{20EA2F05-F7B6-40A4-B5C2-AEB69B76E1D1}\mpavbase.vdm]
2023-12-25T07:13:19.979Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{20EA2F05-F7B6-40A4-B5C2-AEB69B76E1D1}\mpavdlta.vdm]
Database:
2023-12-25T07:13:20.011Z Can't find offline cache cache (E:\WINDOWS\Microsoft Antimalware\Scans\mpcache-95D6466A080576CABF7861F0DB6F3F829B523478.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-12-25T07:13:23.057Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-25T07:13:23.073Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2023-12-25T07:13:23.073Z CSignatureStatus: back to good
2023-12-25T07:13:23.073Z [Engine] Loaded E:\WINDOWS\Microsoft Antimalware\Definition Updates\{20EA2F05-F7B6-40A4-B5C2-AEB69B76E1D1}
2023-12-25T07:13:23.073Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AC16D5CA-2423-4711-BBC1-12498DC650C5} ...
2023-12-25T07:13:23.073Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AE5C31EF-1829-48E8-BA90-8C7ACA1AAD19} ...
2023-12-25T07:13:23.073Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 12-25-2023 08:13:23
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.1079.0
AV Signature Version: 1.403.1079.0
************************************************************
2023-12-25T07:13:23.073Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{AE5C31EF-1829-48E8-BA90-8C7ACA1AAD19}
2023-12-25T07:13:23.073Z Engine loaded!
2023-12-25T07:13:23.073Z Verifying license file...
2023-12-25T07:13:23.088Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-12-25T07:13:23.088Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.1079.0
AV Signature Version: 1.403.1079.0
************************************************************
2023-12-25T07:13:23.713Z MpManagerEnable: setting DisableAS to 0 ...
2023-12-25T07:13:23.713Z MpManagerEnable: setting DisableAV to 0 ...
2023-12-25T07:13:23.713Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
Internal signature match:subtype=Lowfi, sigseq=0x0000108047104308, sigsha=9996b2d1a9b9239b72ae2ea763b71fb8d30def61, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72E0FC5F, sigsha=c8ac6bd921e3aaff934d47f169f8fa933c7cd938, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA98ED284, sigsha=198c64dc1fe65d96700b19dab54b073ae7c2e8d8, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E81EA8724, sigsha=53fc5536af205e3504aa3a84b11a6c2bfcd971a6, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000055584077371, sigsha=847de3f39cfd85a781665ee755bc7e1524def11a, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157E76A6ED41, sigsha=5e1226e2d85860a17f5bdf493b2e1df2e268a840, cached=false, source=0, resourceid=0x84873484
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000108038338C70, sigsha=5a0eb526c0a7e4bea625b6d4bde9a287b2be8881, cached=false, source=0, resourceid=0x4eff4ae0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7F47E26, sigsha=8805264e6b44efcb25474073c658b41113a2de55, cached=false, source=0, resourceid=0x3b04276b
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF3D6D82, sigsha=b7fea1877430e0f1535794b2e6ac9171ed72103e, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6CF31ED7, sigsha=16c9ffa2cc2cd082e9533ca744bfde0ae3862163, cached=false, source=0, resourceid=0x45d944dc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6AAAF905, sigsha=c3008686fe225ea0bb4b42993834db44904aab75, cached=false, source=0, resourceid=0x304c2d6a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF4A10AA3, sigsha=ebc205b1dcf8711a7f4f504cd9a0964d1bdaaa3e, cached=false, source=0, resourceid=0x94b6b781
Internal signature match:subtype=Lowfi, sigseq=0x0000157E10C1C746, sigsha=019f03075a479354e96a31b18ad06502ca1f5fdb, cached=false, source=0, resourceid=0x01fe7779
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA80D2120, sigsha=b325ffa4c13b81bc63c0ea8d8b5653f8a184d350, cached=false, source=0, resourceid=0x01fe7779
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC3B36C98, sigsha=978f333ac4c8da50a64b989d3dce52a5556ea233, cached=false, source=0, resourceid=0xeea5e8c2
Engine:
2023-12-25T07:13:52.417Z Setting original file name "mavinject64.exe" for "\\?\e:\windows\syswow64\mavinject.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17D80484, sigsha=112401fd3d9456ef10091a40f6dee0e347a921e0, cached=false, source=0, resourceid=0x581327ea
Internal signature match:subtype=Lowfi, sigseq=0x0000157E90573C0C, sigsha=b60c1ad184fbcba8c2a993fe3a6ef0097ac7e37e, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECC841817, sigsha=e0711b33d07f7208d418b8403c3a38072fc987ff, cached=false, source=0, resourceid=0x4ad065d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E63932B80, sigsha=2d53ae41a039f458bf9f8c127e3e53fd412f055b, cached=false, source=0, resourceid=0x4fa8d9f2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E42057F1F, sigsha=5d27ebdaaf11c6a160a56c2c74b09fc2f7d21533, cached=false, source=0, resourceid=0x2c29a686
Internal signature match:subtype=Lowfi, sigseq=0x00001080D57D7425, sigsha=d9defd114ccdff269ad2ac7a0e1ff23d773d1bb5, cached=false, source=0, resourceid=0x9a16eb9c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B58790A, sigsha=1f77b7c50f47fdac1563861a7754cc8a7fab13d4, cached=false, source=0, resourceid=0xb3da6636
Engine:
2023-12-25T07:14:00.102Z Setting original file name "pcalua.exe" for "\\?\e:\windows\syswow64\pcacli.dll", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF04C668D, sigsha=312df6799c797662143b39147807bf25b8e50e94, cached=false, source=0, resourceid=0x5fc40294
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA7E2F426, sigsha=e65af26a0ef871646c766f6234925e193496f4f1, cached=false, source=0, resourceid=0xbc1705de
Engine:
2023-12-25T07:14:02.909Z Setting original file name "reg.exe" for "\\?\e:\windows\syswow64\reg.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=false, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9FFF7E88, sigsha=f3ff9e037920266c82e8cd27d13af4bb9bf082d8, cached=false, source=0, resourceid=0x59ff5552
Engine:
2023-12-25T07:14:03.018Z Setting original file name "register-cimprovider2.exe" for "\\?\e:\windows\syswow64\register-cimprovider.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB57753C6, sigsha=17a3663ab1f1a6646eeb54cd914c4f64477f52e4, cached=false, source=0, resourceid=0x03b5a549
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Engine:
2023-12-25T07:14:03.651Z Setting original file name "rundll32.exe" for "\\?\e:\windows\syswow64\rundll32.exe", hr=0x0
Engine:
2023-12-25T07:14:03.863Z Setting original file name "schtasks.exe" for "\\?\e:\windows\syswow64\schtasks.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E24EB7486, sigsha=6b889191347426627fff191c86ec6f908b23161b, cached=false, source=0, resourceid=0x59285dc6
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF504A3A9, sigsha=8818296d48fe68b215bd8183c3c0ae8afb70a38b, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3D28AAC, sigsha=f710c89645f9cae691af57ceaa35f736887e7564, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4A7BB2E7, sigsha=e9933cb6c6f750caa0cffffb9311f3c07c4b9c56, cached=false, source=0, resourceid=0x108bbfc7
Internal signature match:subtype=Lowfi, sigseq=0x0000055535762188, sigsha=a096cfdc0cffaee63d5665ba7fe2661a0d001cd0, cached=false, source=0, resourceid=0x5448cbce
Internal signature match:subtype=Lowfi, sigseq=0x0000055543D5839C, sigsha=acf86560bd9a1f7114b23fc30df95ef5545c0f94, cached=false, source=0, resourceid=0x1226cea7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3C2D24A4, sigsha=4b72c4f248c845fc31a403e524501a9251ece9f6, cached=false, source=0, resourceid=0xb60a192f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE70F6EDF, sigsha=9bb47b7f7f92e8a054071075078091aecc68d0e3, cached=false, source=0, resourceid=0xb60a192f
Internal signature match:subtype=Lowfi, sigseq=0x000005556D2204AA, sigsha=017069df02e1a59877c9ed0002348ab264d4fe60, cached=false, source=0, resourceid=0xa2a709fd
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFF3A016E, sigsha=6343e5fab400bec5c8ee0b85c6225b5014fba50d, cached=false, source=0, resourceid=0xd4c9ce37
Internal signature match:subtype=Lowfi, sigseq=0x0000157E83964C90, sigsha=8695dc4a0cb44386bc5094e05f65e6b5c9b3123f, cached=false, source=0, resourceid=0x3c030fe0
Internal signature match:subtype=Lowfi, sigseq=0x0000108047104308, sigsha=9996b2d1a9b9239b72ae2ea763b71fb8d30def61, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF6991F72, sigsha=4dbbc08281551726bd04ba902b894b4067c92230, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA1C87284, sigsha=ae3091c75d855340dcd09032a0b064daabbfb780, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000055584077371, sigsha=847de3f39cfd85a781665ee755bc7e1524def11a, cached=false, source=0, resourceid=0x3656a30f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E75987DD1, sigsha=5203f971207c8794fdb268d1ef6813510570ff51, cached=false, source=0, resourceid=0x061a8663
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED04A7AE4, sigsha=30e04fa189403b0548341b5f7cadfeb005c20cf7, cached=false, source=0, resourceid=0x160d077c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC3BA1CB5, sigsha=d8863d26e259b695ea42ffbd063539eb4f03c352, cached=false, source=0, resourceid=0xd6f484f9
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE0C5FE32, sigsha=453a9437acbf73c95925c5a238b1adb5fdaaa16e, cached=false, source=0, resourceid=0x5cfbb764
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE360FF2, sigsha=e65bc491bb0bc0ed271fcd72e0bb399aa91d6939, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CE47BA0, sigsha=78948503ea5e04b58b1e9fc7d0f14cfeb94fa3ee, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05446831, sigsha=5bb8aa155a43deb5285ae3efeaf65bc6003bffad, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E19881DD0, sigsha=f02cc3fa251dc5c0d58a0f43387f763305b9cdd4, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E07C92DEB, sigsha=bc21176c0efe7ea48c495e45b8ae31bd830288ba, cached=false, source=0, resourceid=0xdf70f478
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1851F6F0, sigsha=347191cc63939eb11174f62ea8cf9ff25e119e4b, cached=false, source=0, resourceid=0x9caced11
Internal signature match:subtype=Lowfi, sigseq=0x0000157E25878D8B, sigsha=86062c71080e37753c3921ca74e99b1c896d5ddf, cached=false, source=0, resourceid=0x9caced11
Internal signature match:subtype=Lowfi, sigseq=0x0000157E21A9C807, sigsha=425dad1a99cb275e076d3f1889503c011cbc8ad0, cached=false, source=0, resourceid=0x9caced11
Internal signature match:subtype=Lowfi, sigseq=0x0000157E50A591FE, sigsha=c26d87d8e9b133cfdfe761581629883738ea8128, cached=false, source=0, resourceid=0xbc8a9aeb
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC4FC4E35, sigsha=780fc713e0ea52224f8e480e6af71da30c2d0712, cached=false, source=0, resourceid=0x5fbbc9aa
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C18D1AB, sigsha=37b9385e670e39275ebe9230032ae7df0b35054c, cached=false, source=0, resourceid=0x90410ea5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C18D1AB, sigsha=37b9385e670e39275ebe9230032ae7df0b35054c, cached=false, source=0, resourceid=0x2189618e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE2DAFFDE, sigsha=795ab76c6f26b99ca01999b735330d6ac381946d, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E081657CF, sigsha=2bee3862ce601f666f825e70ac66eb7f3af29b59, cached=false, source=0, resourceid=0xbe0695b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFBE10215, sigsha=157a4fb1e9b45247a7bc8ede893b9c4391485faf, cached=false, source=0, resourceid=0x7f604d08
2023-12-25T07:14:19.677Z Process scan (postsignatureupdatescan) started.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E52DDCDEA, sigsha=3b93f1803b49ef19e78cdb5b0eb394ac1d5f5f58, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECED57273, sigsha=f96f441e2b6c6c3a6f5452714e2e8120c9f5e1a5, cached=false, source=0, resourceid=0x267cc814
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC585F892, sigsha=36d010877ce912abaced621d81e4ed82d0441069, cached=false, source=0, resourceid=0x3bc48288
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4CB91A4D, sigsha=d7fd7bd446683d7e47590b9c811ab46b0493ee04, cached=false, source=0, resourceid=0x3bc48288
2023-12-25T07:14:19.771Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDA4B15A0, sigsha=e4b7dc6b70a64b656ee8c47783902b911e2a41fb, cached=false, source=0, resourceid=0xad53dc69
Internal signature match:subtype=Lowfi, sigseq=0x0000157E41022000, sigsha=dd6f915577c609379e5a43322c44830cba22db05, cached=false, source=0, resourceid=0xcfcc4023
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7C05CE6, sigsha=8633861b30ffa01d5c0143c88b07d2786f5f8e02, cached=false, source=0, resourceid=0x48e8e4d3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A1F1565, sigsha=b1d4bfa0e3fca8ab799702a7c40c2bd5bce78559, cached=false, source=0, resourceid=0x9723640c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8390134B, sigsha=2a38d0982d7ce1d485cbf8e06ad1d2ba76022e52, cached=false, source=0, resourceid=0x9723640c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBCA134AE, sigsha=4ef97bb95078f1ebdfe7fa58e34d444ba9eb226c, cached=false, source=0, resourceid=0xb4124f31
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5B5D193E, sigsha=758ee08a1d4cd63aa1c79b433952f3b5fede1b03, cached=false, source=0, resourceid=0x921aa069
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C8FBB73, sigsha=4e5449665be53f5d030169f56a21964a27847b5a, cached=false, source=0, resourceid=0x9cc6f55f
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED252391F, sigsha=cf54332356751ee0ef4d758d1d3633544e7d38e6, cached=false, source=0, resourceid=0x9cc6f55f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDCF1F916, sigsha=d3bd9b5c0810fa36babc76add4c96861ded8f4c0, cached=false, source=0, resourceid=0x9bebd375
Internal signature match:subtype=Lowfi, sigseq=0x0000157E29093ED1, sigsha=b1345f389d9dd6d5e7b7131a92d32548ec209dfe, cached=false, source=0, resourceid=0x97e4f5a1
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7613972F, sigsha=29107c2cd590d8fcbdcff703d82e67caaf58392a, cached=false, source=0, resourceid=0xd3cbf888
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6EBF6E74, sigsha=2cd68840fb06648936d31e6431deea57a25bfd34, cached=false, source=0, resourceid=0x06313dde
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0CE8C54C, sigsha=9da2eda987d787aba801d34e17068fc19ff865e8, cached=false, source=0, resourceid=0x06313dde
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2545CFEA, sigsha=cfa4428e86d61ce7f330a2a9c12f0d72a16af17a, cached=false, source=0, resourceid=0xfd6ed15a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E784E8F36, sigsha=9c2c71199eb67daef3217d11c0b3847161516e42, cached=false, source=0, resourceid=0xbcde05a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EADD83950, sigsha=64812731acbc5147b58095d16c2ecb42bda958b0, cached=false, source=0, resourceid=0xf6522ae7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E80A87E5F, sigsha=1e183491c8b128db444b9b47751758ecdd88ad59, cached=false, source=0, resourceid=0xf6522ae7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2EEC5699, sigsha=b7658bcb5973db1b2c2409226306fb43b991cc00, cached=false, source=0, resourceid=0xbcc178b3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB65F9477, sigsha=87218037858ff0f58f98ef47742d95c800b08e2a, cached=false, source=0, resourceid=0x0e44109d
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECFA32B71, sigsha=d9939e85fcc1f85f946c88d8bfa63917afaf7a6c, cached=false, source=0, resourceid=0x0e44109d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E96550BA4, sigsha=2cdfe2ad69f0ec1b447e859f09821f3887b66d47, cached=false, source=0, resourceid=0xce08b410
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB9C234B, sigsha=16888a79a11a522cba52ef773c8291c12be7343b, cached=false, source=0, resourceid=0xb98be9cf
Internal signature match:subtype=Lowfi, sigseq=0x0000157EAFABE74A, sigsha=fd10ca36afc9e6d4399c07dd41dbf09dde1e5236, cached=false, source=0, resourceid=0x6f0f64fd
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB4FFAF59, sigsha=3f54dca11321da2b3091e56839ae59c425e546fd, cached=false, source=0, resourceid=0x671ef7e7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E6D36B0, sigsha=05ab065ef233a5959941b7d1fd5a931b256dea2c, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B6B53F9, sigsha=c39a90ed2e8c36037ac27e13e43d00d7831ddf18, cached=false, source=0, resourceid=0x6b849e21
Internal signature match:subtype=Lowfi, sigseq=0x0000157E36EF3D27, sigsha=38689ccbd37599eebe372762677321fd41b92c2c, cached=false, source=0, resourceid=0x09e176ed
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8EE7E0D6, sigsha=f5f19c4c3eee6f2cd8ac0ab91104113b2c86d875, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EED97B59B, sigsha=f98bb8b2042f4c308aadb6a020bb05f6ed6c7ba4, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDD91E00, sigsha=462f50f79e320d0b4a41514db5ee9db0575032f9, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB66F9C5A, sigsha=e520dcc80f04af8a1ef85a9cee017f019f07eed0, cached=false, source=0, resourceid=0xddae17d4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45FA8CCF, sigsha=6b1ec3b2277b9425f1bc05d5e47226e474f44a37, cached=false, source=0, resourceid=0x851bd22e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFFD01EE2, sigsha=eb9bac5b900f344b6fbb364e75063bbcda662881, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E3BC59A75, sigsha=d77e7a09dbd2352dfe79a01da5e9444706523a3c, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157E95EB6C11, sigsha=0025d7ed432e84a93695cb044ab0591c32888ebc, cached=false, source=0, resourceid=0xc0c15512
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA6C259FE, sigsha=07a8f4f746018b937b24427b3de46e041ba86214, cached=false, source=0, resourceid=0xebc004c2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6ABE6509, sigsha=850e15aa71b6d5147b3df6c73e981c6ed13c19d1, cached=false, source=0, resourceid=0x79feb6ee
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1F886129, sigsha=2a2f2b83725627095887fafe185252be427b8226, cached=false, source=0, resourceid=0x29dcbabf
Internal signature match:subtype=Lowfi, sigseq=0x0000157E64836C36, sigsha=2a2b956ace7677eb49a904f4a1dc92fcecdd857f, cached=false, source=0, resourceid=0xda270a39
Internal signature match:subtype=Lowfi, sigseq=0x0000157E504F3F20, sigsha=8c20f99b27c690a3bdf9f2c60015dd89568e7096, cached=false, source=0, resourceid=0x4fcfa563
Internal signature match:subtype=Lowfi, sigseq=0x0000157E77C87D63, sigsha=0804f357827c8ef4f53ed4b1857ef52172ea7424, cached=false, source=0, resourceid=0x4fcfa563
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17A2F333, sigsha=197d0bbb032413f1a939ffe82ba5ba476892d09a, cached=false, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBDB65BFD, sigsha=4b77ffd1bb179078b95f7ec38146552cf106adba, cached=false, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=false, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x000005557C2D48EC, sigsha=78ef4afb6da9ceba3d94e1924d1ce7fea9196cc0, cached=false, source=0, resourceid=0x1c7d0003
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDF1859DE, sigsha=40c3a759f89e1551f6569dea8bcfb628fcac516b, cached=false, source=0, resourceid=0xe95114cd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E300CD560, sigsha=52f626168fb9d4518762da5a8f42fe69393434ef, cached=false, source=0, resourceid=0xe95114cd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E65F6D9BD, sigsha=bf2f62236b7f67ab685ac0594f7bea727c618acb, cached=false, source=0, resourceid=0x04b10d0f
Engine:
2023-12-25T07:14:34.728Z Setting original file name "mavinject64.exe" for "\\?\e:\windows\system32\mavinject.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E24BC0C80, sigsha=48f0ab879fec05e079d6990f6078109326a5ddfb, cached=false, source=0, resourceid=0x0159f2c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1861DA5B, sigsha=76249576560cd5ab321af33c62a22bb3fcb7a7aa, cached=false, source=0, resourceid=0xbd4c5b97
Internal signature match:subtype=Lowfi, sigseq=0x0000157E31619201, sigsha=b9467c748ff8389e24df567db7926489410f4a7f, cached=false, source=0, resourceid=0xe8010bd2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC72B6420, sigsha=3f6da0b4d4d024efc07c6ecba9357f029873a3aa, cached=false, source=0, resourceid=0xe8010bd2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E36E6F30E, sigsha=c965363c18a6183f679bbf60b62d4ee15f2b8eb1, cached=false, source=0, resourceid=0xe8010bd2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC1966D40, sigsha=a1fc08bf8eff3ca354961a0d8591ea96170f346f, cached=false, source=0, resourceid=0x94cf0285
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDE4AA0A4, sigsha=55f2464f462ae0e05b5263d888cf90e9b88353a2, cached=false, source=0, resourceid=0xabda414e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=false, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0C4E9B58, sigsha=de997c447f616102b87a98851e54cd5b71b85c2d, cached=false, source=0, resourceid=0xe9912485
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBEDE7A0E, sigsha=336e7f8e1408c508a8fadc5c9403874aaeb4dc03, cached=false, source=0, resourceid=0xe9912485
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED7A2B5C6, sigsha=cb44b508fa5918cb908c161a2d83d0ce006445ec, cached=false, source=0, resourceid=0xe95d689d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1FADD701, sigsha=edfebed220167445f52b7a4ee7ae35e4407cf263, cached=false, source=0, resourceid=0xe95d689d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9607E046, sigsha=ac2c83b4e1fc9c2d3fbdf0a25159e9339baa5820, cached=false, source=0, resourceid=0x9680057e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C6B5A85, sigsha=5fc5d13d43ca14154d4cd173923a92ddb4770917, cached=false, source=0, resourceid=0xe3b312a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E54645BFE, sigsha=0e8f25c15a9d07e93a250fca6602de8c875d6827, cached=false, source=0, resourceid=0x93f8b95f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDFC4CCE4, sigsha=b6fe0442434a9c5cd2018c63a70333a710089af3, cached=false, source=0, resourceid=0x93f8b95f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBF0C7B71, sigsha=23a9b9cd3cd596d6987b9083acb607f26b0ca07f, cached=false, source=0, resourceid=0x93f8b95f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E01D1F404, sigsha=5109d3e15063dfdcf46ebd8792ddf2397f3dfbdf, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2C607C2A, sigsha=2495838352ec93d90c7fb910f7eb11292d1d0a35, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBABF6B6B, sigsha=5e7cafc29da9e7cf4fb47d0f48bd324fe6572af7, cached=false, source=0, resourceid=0x32467e9a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7B79221F, sigsha=a0bfe47c8c35f3ce2923ff89e84270f8d5d2997f, cached=false, source=0, resourceid=0xe5c1199a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4F80D3C4, sigsha=3675b32e15cbdbbf86f3dfc37306a6791ef71b67, cached=false, source=0, resourceid=0xe5c1199a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEBE91063, sigsha=83e8f053030253b39c1955d871e6c3e7ebfc69ba, cached=false, source=0, resourceid=0xe5c1199a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA03418DE, sigsha=25df34e10846b31ec4d919da046e69849c4d4cf8, cached=false, source=0, resourceid=0xc0e8e6e2
Engine:
2023-12-25T07:14:43.592Z Setting original file name "pcalua.exe" for "\\?\e:\windows\system32\pcacli.dll", hr=0x0
Engine:
2023-12-25T07:14:43.607Z Setting original file name "pcalua.exe" for "\\?\e:\windows\system32\pcadm.dll", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE324C7C6, sigsha=845c70a26c55db8c1a85d40d24cfb71689cd711e, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9C8408BD, sigsha=a9006c9616a535e97705ab9acfcaccfa2a68d9d4, cached=false, source=0, resourceid=0x3b7ff202
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC64F0990, sigsha=83fbf5f83f1209bc3b08917aacb72c867f5bc626, cached=false, source=0, resourceid=0x0d49fbb9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8DADEF34, sigsha=3b78bb042c921bec7822b985bfc4ece7a4218507, cached=false, source=0, resourceid=0x3fb959c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7C3914CB, sigsha=0e9345700b4997be1c09d6802235906f8eed8af1, cached=false, source=0, resourceid=0x3fb959c4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E50F5E787, sigsha=c72a2dabd50d2900062cdd3a989635f154b2be43, cached=false, source=0, resourceid=0xb216bf8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157EAE9CE044, sigsha=bfc112bd0e84e690ead01ee09b2bcfa732921457, cached=false, source=0, resourceid=0x89700454
Internal signature match:subtype=Lowfi, sigseq=0x0000157E68CCE934, sigsha=90b11ec3b80746e4c4e6be88de043ba3c051fcff, cached=false, source=0, resourceid=0x292e72bf
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBBDCABA6, sigsha=e60d39ce1889903152f9577a5ecf8413eb86d6a3, cached=false, source=0, resourceid=0x3c54d026
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB7911C94, sigsha=4e63109a20f27c1f5740e5d9d42259c226fccd6e, cached=false, source=0, resourceid=0xd93f0580
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3876D53, sigsha=9fffeb69876edba74cb0458bbf38d7a692ee00e4, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECB72A263, sigsha=09b8e7963e285222b7450f7c250ef1b5ef80564d, cached=false, source=0, resourceid=0xca8edb0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC9084EC4, sigsha=2990c85733cbbd511c621da8e5d35982b041b21c, cached=false, source=0, resourceid=0x0ab27e26
Engine:
2023-12-25T07:14:46.884Z Setting original file name "reg.exe" for "\\?\e:\windows\system32\reg.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7EE6B4D0, sigsha=ffbf0d3b6ce00be5d2ec30569e706c368450d5bd, cached=false, source=0, resourceid=0x83854c1f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE14DBAC1, sigsha=f3fdf442f77c04493938d10184f2c369cfc14e03, cached=false, source=0, resourceid=0xb87824e7
Engine:
2023-12-25T07:14:46.946Z Setting original file name "register-cimprovider2.exe" for "\\?\e:\windows\system32\register-cimprovider.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E72DFF324, sigsha=d0414e2ede0e718a47b4ec630b68f3046408692d, cached=false, source=0, resourceid=0x989eddd1
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFECFC92A, sigsha=7b453cffbb5340840a553c82ce1da962a9d89dd8, cached=false, source=0, resourceid=0x4fe75798
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF0723F8A, sigsha=b95f96e1381af73ec53851980a6da344795d5d9a, cached=false, source=0, resourceid=0x4fe75798
Internal signature match:subtype=Lowfi, sigseq=0x0000157E271120E8, sigsha=7fa98c1501da12096ed4926c631dbe2cd232ae0b, cached=false, source=0, resourceid=0xbf96d13f
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE00DBBD4, sigsha=a33dd9ee184d03d759c4834b5d80f45af51899c4, cached=false, source=0, resourceid=0xeabb8ef3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E491C304B, sigsha=92df020002d1b5985981453b351af2c12ac04ea7, cached=false, source=0, resourceid=0x0adb907b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA6A629FE, sigsha=9ea7bc16d137466f1f8ac86dfe068180c87c46b6, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7699BAE7, sigsha=c56efc63c0efed7d951022aa0a9f30ea7446e3ec, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Engine:
2023-12-25T07:14:47.877Z Setting original file name "rundll32.exe" for "\\?\e:\windows\system32\rundll32.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E717B3D0D, sigsha=1ecab1ed5f55fce743fd99a004804b3d285127d5, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5AC8BA51, sigsha=22e8ba2ed3bead4a57f4ce7aa821216910655a85, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA93D3A5, sigsha=73dc700b8ce266eedfd9a6a2f1c2bfaa5bd059e2, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8BB73A51, sigsha=ba56edacec258427c065e816c0b1706d7f29dae8, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E015C5829, sigsha=40fc7a092e9428695e2707762c328f8324160f20, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECA404F30, sigsha=786e2618d76255efb340cc469e50f5b9f12f2c1c, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94DED2E8, sigsha=99031b1286f829e82d7cb6be9912f78e368d4d1f, cached=false, source=0, resourceid=0x99a4deda
Engine:
2023-12-25T07:14:48.190Z Setting original file name "schtasks.exe" for "\\?\e:\windows\system32\schtasks.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6F698215, sigsha=11422559a02d4d507e69ab099e3db5a6d8abdae4, cached=false, source=0, resourceid=0x99a4deda
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E33A2CE, sigsha=e88f10ef8748567e241abf7644608c2548f6046e, cached=false, source=0, resourceid=0x9bd94ac8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A92A82D, sigsha=7925237a1fd78f9f1d43da1d7dbf43d85c0cce07, cached=false, source=0, resourceid=0xeecc439b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E19EF72EE, sigsha=80554e5452aa28dd5f631d8a33bc39f5312681e2, cached=false, source=0, resourceid=0xb95c2a2b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB7845401, sigsha=b1af1768c26a771bcdfb1f6806184ba01ec55776, cached=false, source=0, resourceid=0x137e533a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E802C27F5, sigsha=7212728b1450a196caaf9060f92e492f29840ced, cached=false, source=0, resourceid=0x9baf4033
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8E7C868D, sigsha=06e69f38615b78c45ca21c180b28eaf118ab17e7, cached=false, source=0, resourceid=0x44aad78c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E868AC6D0, sigsha=685884dada01c46d1351366f4a676fd1d62cc4bf, cached=false, source=0, resourceid=0x44aad78c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E506CE516, sigsha=dd405d3050821718aa505cb76f4e865d0b5cba3b, cached=false, source=0, resourceid=0x9e6ab5de
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E27A471C3, sigsha=c699368d1c7dab5e0640adffde320483a20661dc, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB47F9CE5, sigsha=1c7facf1f461c9b7d57e2eec57ff1218af24c228, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E381F8229, sigsha=6b69659e67ee19a6227bb907abbe934e1558dd34, cached=false, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F9DB65D, sigsha=ef1d395f28a8508cc4a86db7a6be4c75d4addfe1, cached=false, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x00000555574674B7, sigsha=796cba459717a994ff7a2b43967c004bdf664ec2, cached=false, source=0, resourceid=0x46f5794e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9811E782, sigsha=090007f25b487a8ca5514aea6ac732ec5083041e, cached=false, source=0, resourceid=0xb981b441
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED757ABE0, sigsha=52eacf11e585c636264287f53d8eca865fa79583, cached=false, source=0, resourceid=0xb5226e2e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A9C8C91, sigsha=1015a23cb0334428e4bf76c083c4f80420a97aca, cached=false, source=0, resourceid=0x43ccb6bd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20172375, sigsha=6504f6c498382fe884b037442796f59db722aba6, cached=false, source=0, resourceid=0xa347a585
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7167D96, sigsha=53d1206d7ef8395ad60d2bf25c94bb12592cb92f, cached=false, source=0, resourceid=0xa347a585
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED038E656, sigsha=f7746402adc98d9d2796028e66ad7171d4c07247, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC182D033, sigsha=76e6db047ad873bec8039d1173624da52ffbadd0, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1C3ABF7F, sigsha=6faf72d8664700aae95427952a70f17ac61331b1, cached=false, source=0, resourceid=0xd983ccd5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E73E353E2, sigsha=03719bcf6a17011a0c242d7932894002fbeb92bd, cached=false, source=0, resourceid=0xf4b5697b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E63CF50C1, sigsha=2713767b1b7ab60b52ea371e3d71504169ed7a6d, cached=false, source=0, resourceid=0x4942d3dd
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB29CACD, sigsha=232cce57ecae32ecd4cb0d0e4e05687591c81361, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A7A6B1B, sigsha=7d3fa51a7740a03dab82fd9fde7ea45c590f58a3, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B7B97DC, sigsha=2e248bbe23c9c7941fcf2928faa6bb27bdb6232f, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7DFED8CD, sigsha=f52adaafc077f9f0ceeab8a536f77ca1c3398ee7, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDE346197, sigsha=d5649e6a14b2ef3de6c230a584c08ba5a2086cc4, cached=false, source=0, resourceid=0xceda1946
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB3A15E55, sigsha=d8d1daaca0fc29a9b6dea076c7bf397e422516c3, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED1D33DD4, sigsha=5f32b0f06e3d9c53d943db4bf1013c5cbad6da11, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E85891D9C, sigsha=607d76afcb7ce64bb2484b35c590d3b5dc2a91a5, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E422503BC, sigsha=c71e0ab130678ecd353deaa32cf1718755e5c921, cached=false, source=0, resourceid=0x069bf971
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBF9115A3, sigsha=11051fb813f6eee7134d7db94c227dca58945899, cached=false, source=0, resourceid=0x2986427c
Engine:
2023-12-25T07:14:56.546Z Setting original file name "vssadmin.exe" for "\\?\e:\windows\system32\vssadmin.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9800D9B3, sigsha=af9728f053ed27553dc338688b9af1dbe38ed72f, cached=false, source=0, resourceid=0x8511695e
Internal signature match:subtype=Lowfi, sigseq=0x000005553BC4EF32, sigsha=0401730fab8037328ab58c3806d789c718149a11, cached=false, source=0, resourceid=0xce76ae0a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5F70D5DC, sigsha=4af419c4b5fb2340af03f3d477d6bef984510da4, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E58D3D69C, sigsha=7653306ed7e4bb4cbd24f4c56ed07ee9fc494284, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE6997222, sigsha=4d13bb30cafc6c8fd4a31fc15b3f3b7ddec16ef0, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94A3B2C3, sigsha=2f666ca6c2f42d78e59f25290c12e3969b432b9d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFDFD540, sigsha=96e096d9d0454966c2c0f5015bd64b36d6d2c565, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7AD4B722, sigsha=91124c3793d9810eb8ecedf8cadf2a46cb634c5d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9D492BAF, sigsha=e90ce058789f2b06cf005d56de0b26f57f1c3736, cached=false, source=0, resourceid=0x67452d98
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7F47E26, sigsha=8805264e6b44efcb25474073c658b41113a2de55, cached=false, source=0, resourceid=0x7ee3beb1
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9D96D663, sigsha=3dbab31835b3cf72c1c6e4547174f517d457c255, cached=false, source=0, resourceid=0x71df9057
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC73DC711, sigsha=18c63aa1b7401fd94a9cce039a935d3a734826ef, cached=false, source=0, resourceid=0x48f913cb
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=false, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373214B2, sigsha=5ad6bdbbab670a35043649daf11c94f93de515ce, cached=false, source=0, resourceid=0x9525267d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E303AD357, sigsha=aa0a589c24b16ecfb3e60b70feb93b386025b722, cached=false, source=0, resourceid=0x9525267d
Engine:
2023-12-25T07:15:06.791Z Triggered AR EMS scan

Engine:
2023-12-25T07:15:06.791Z EMS scan for process: lsass pid: 796, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:06.869Z EMS scan for process: svchost pid: 904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:06.900Z EMS scan for process: svchost pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:06.916Z EMS scan for process: svchost pid: 888, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:06.963Z EMS scan for process: svchost pid: 780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:06.994Z EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:07.025Z EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:07.056Z EMS scan for process: svchost pid: 1480, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:07.103Z EMS scan for process: svchost pid: 1576, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:07.119Z EMS scan for process: svchost pid: 1728, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:07.134Z EMS scan for process: svchost pid: 1792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E784E8F36, sigsha=9c2c71199eb67daef3217d11c0b3847161516e42, cached=false, source=0, resourceid=0xbcde05a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E784E8F36, sigsha=9c2c71199eb67daef3217d11c0b3847161516e42, cached=false, source=0, resourceid=0xbcde05a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3876D53, sigsha=9fffeb69876edba74cb0458bbf38d7a692ee00e4, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=true, source=0, resourceid=0x1b64e05e
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=true, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFF66D8B3, sigsha=b18ac04960b00615dd23a091347ebae4802b598c, cached=false, source=0, resourceid=0x4821cd50
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFF66D8B3, sigsha=b18ac04960b00615dd23a091347ebae4802b598c, cached=false, source=0, resourceid=0xa5e5ce73
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECB72A263, sigsha=09b8e7963e285222b7450f7c250ef1b5ef80564d, cached=true, source=0, resourceid=0xca8edb0b
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=true, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17A2F333, sigsha=197d0bbb032413f1a939ffe82ba5ba476892d09a, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBDB65BFD, sigsha=4b77ffd1bb179078b95f7ec38146552cf106adba, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E381F8229, sigsha=6b69659e67ee19a6227bb907abbe934e1558dd34, cached=true, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F9DB65D, sigsha=ef1d395f28a8508cc4a86db7a6be4c75d4addfe1, cached=true, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1861DA5B, sigsha=76249576560cd5ab321af33c62a22bb3fcb7a7aa, cached=true, source=0, resourceid=0xbd4c5b97
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3876D53, sigsha=9fffeb69876edba74cb0458bbf38d7a692ee00e4, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC4FC4E35, sigsha=780fc713e0ea52224f8e480e6af71da30c2d0712, cached=true, source=0, resourceid=0x5fbbc9aa
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A0AA170, sigsha=01870a328d90d0a14a72d4a70eaf848bfb74cc34, cached=false, source=0, resourceid=0x92245a84
Internal signature match:subtype=Lowfi, sigseq=0x0000157E96550BA4, sigsha=2cdfe2ad69f0ec1b447e859f09821f3887b66d47, cached=true, source=0, resourceid=0xce08b410
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E24EB7486, sigsha=6b889191347426627fff191c86ec6f908b23161b, cached=true, source=0, resourceid=0x59285dc6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98A01513, sigsha=ef7806d4b860b3c08806514cc19b3043411796fa, cached=false, source=0, resourceid=0xbd101bb6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E87546BA4, sigsha=0cb9573acf126a103242ad7bc4492189a92a3875, cached=false, source=0, resourceid=0x1a2d6575
Internal signature match:subtype=Lowfi, sigseq=0x0000157E87546BA4, sigsha=0cb9573acf126a103242ad7bc4492189a92a3875, cached=false, source=0, resourceid=0x1a2d6575
Internal signature match:subtype=Lowfi, sigseq=0x0000157E31B92500, sigsha=77ec830a8a36bfe7b4651e213b11e7b1f7f8a3f1, cached=false, source=0, resourceid=0x78429977
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDA0E220, sigsha=1a12f8bea17fe15443a88acb7ca7b2a7e66453ee, cached=false, source=0, resourceid=0x5c196bc9
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECC6552E1, sigsha=1e8a84109bcde56ebeecccf74c8d042db25ba22e, cached=false, source=0, resourceid=0x02ff26fc
Engine:
2023-12-25T07:15:32.304Z Setting original file name "powershell.exe" for "\\?\e:\windows\syswow64\windowspowershell\v1.0\powershell.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E23F826F2, sigsha=c9087d971869d9092267c1ba38f2133764f74f10, cached=false, source=0, resourceid=0x02ff26fc
Engine:
2023-12-25T07:15:32.319Z Setting original file name "powershell.exe" for "\\?\e:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000157E680674BC, sigsha=e6f877f6dbc26267ff8ca3e8f3b50841b0944fdd, cached=false, source=0, resourceid=0x943bc92e
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-12-25T07:15:58.013Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.436Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.451Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-25T07:16:19.467Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-12-25T07:16:19.467Z On demand scan closed without completion. Current scan state: 1. ScanSource: 7, Scan flags:0x10050004. NumberOfResources:126. bRemoveFromList:1
2023-12-25T07:16:19.561Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-25-2023 08:16:19 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 12-26-2023 10:55:30
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 12/26/2023 09:55:30.17098100 UTC (8765 ms since boot)
2023-12-26T09:55:30.008Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2023-12-26T09:55:30.008Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20231226-105530-00000003-ffffffff.bin ...
2023-12-26T09:55:30.008Z [WPP] Trace session started - WdoWppTracing-20231226-105530-00000003-ffffffff.bin
2023-12-26T09:55:30.008Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2023-12-26T09:55:30.008Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2023-12-26T09:55:30.008Z Service is asked to be reenabled.
2023-12-26T09:55:30.008Z Task(-EnableService) launched
2023-12-26T09:55:30.024Z Loaded module#0 MpComServer.
2023-12-26T09:55:30.024Z Loading engine...
2023-12-26T09:55:30.133Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{B452F22A-D355-4FEC-A899-D734814C6656}
2023-12-26T09:55:30.195Z Verifying engine and signature files (source: 0) ...
2023-12-26T09:55:30.227Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{108A9481-9B74-43CD-A37B-2C78869DD0B4}\mpengine.dll]
2023-12-26T09:55:30.274Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{108A9481-9B74-43CD-A37B-2C78869DD0B4}\mpasbase.vdm]
2023-12-26T09:55:30.289Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{108A9481-9B74-43CD-A37B-2C78869DD0B4}\mpasdlta.vdm]
2023-12-26T09:55:30.320Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{108A9481-9B74-43CD-A37B-2C78869DD0B4}\mpavbase.vdm]
2023-12-26T09:55:30.320Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{108A9481-9B74-43CD-A37B-2C78869DD0B4}\mpavdlta.vdm]
Database:
2023-12-26T09:55:30.367Z Can't find offline cache cache (E:\WINDOWS\Microsoft Antimalware\Scans\mpcache-4906B113ABA20E78101925AA57FFFBD065737AE8.bin): 0x00000002
IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b
IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d
IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2023-12-26T09:55:33.367Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
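The log above carries four kinds of line an analyst actually triages: the EMS (in-memory) scans of lsass and the svchost instances at 07:15:06, the "Setting original file name" entries for vssadmin.exe and powershell.exe (the engine recording a file's original name while scanning it, not a detection; no detection line appears in this section), the on-demand scan that was closed without completion at 07:16:19 after 126 resources when the service was stopped, and the ASR rule table with its State/Action codes (State=5 for every rule except "Controlled folder access", which is State=0). The "Internal signature match ... subtype=Lowfi" lines are low-fidelity signature hits and are not reported as detections here. The following parser is an added example and is not part of the original log or of any Microsoft tooling; it reuses a handful of lines from the page as its sample input, and it carries the numeric State/Action codes through verbatim because the log does not say what they mean.

```python
"""Extract the security-relevant events from a Microsoft Defender service log
(MpLog / Offline Scanner format).  Added example, not part of the original log;
State/Action codes are kept verbatim because the log does not define them."""
import re
from dataclasses import dataclass

TS = r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z) "   # every message line opens with a UTC stamp

RE_EMS = re.compile(TS + r"EMS scan for process: (?P<proc>\S+) pid: (?P<pid>\d+), "
                    r"sigseq: (?P<sigseq>0x[0-9A-Fa-f]+), sendMemoryScanReport: \d+, source: (?P<source>\d+)$")
RE_ASR = re.compile(TS + r'Loaded ASR vdm rule "(?P<name>[^"]+)", State=(?P<state>\d+), Action=(?P<action>\d+), ')
RE_INCOMPLETE = re.compile(TS + r"On demand scan closed without completion\. Current scan state: (?P<state>\d+)\. "
                           r"ScanSource: (?P<source>\d+), Scan flags:(?P<flags>0x[0-9A-Fa-f]+)\. NumberOfResources:(?P<resources>\d+)")
RE_ORIGNAME = re.compile(TS + r'Setting original file name "(?P<orig>[^"]+)" for "(?P<path>[^"]+)", hr=0x[0-9A-Fa-f]+')


@dataclass(frozen=True)
class EmsScan:            # in-memory (EMS) scan of a running process
    ts: str
    process: str
    pid: int
    sigseq: str
    source: int

@dataclass(frozen=True)
class AsrRule:            # attack surface reduction rule as loaded from the VDM
    ts: str
    name: str
    state: int
    action: int

@dataclass(frozen=True)
class IncompleteScan:     # on-demand scan torn down before it finished
    ts: str
    scan_state: int
    source: int
    flags: str
    resources: int

@dataclass(frozen=True)
class ScannedFile:        # engine recorded a file's original name while scanning it (not a detection)
    ts: str
    original_name: str
    path: str


def parse_log(text):
    """Group matching lines by event type; everything else (component labels such
    as "Engine:", cloud-query chatter, Lowfi signature matches) is skipped."""
    out = {"ems_scans": [], "asr_rules": [], "incomplete_scans": [], "scanned_files": []}
    for line in text.splitlines():
        line = line.strip()
        if m := RE_EMS.match(line):
            out["ems_scans"].append(EmsScan(m["ts"], m["proc"], int(m["pid"]), m["sigseq"], int(m["source"])))
        elif m := RE_ASR.match(line):
            out["asr_rules"].append(AsrRule(m["ts"], m["name"], int(m["state"]), int(m["action"])))
        elif m := RE_INCOMPLETE.match(line):
            out["incomplete_scans"].append(IncompleteScan(
                m["ts"], int(m["state"]), int(m["source"]), m["flags"], int(m["resources"])))
        elif m := RE_ORIGNAME.match(line):
            out["scanned_files"].append(ScannedFile(m["ts"], m["orig"], m["path"]))
    return out


def rules_with_state(rules, state):
    """ASR rules whose logged State equals `state` (the page shows only 0 and 5)."""
    return [r for r in rules if r.state == state]


def processes_memory_scanned(ems_scans):
    """Distinct (process, pid) pairs that received an EMS scan, in log order."""
    seen, result = set(), []
    for e in ems_scans:
        if (e.process, e.pid) not in seen:
            seen.add((e.process, e.pid))
            result.append((e.process, e.pid))
    return result


# Sample input: a few lines copied from the page, component labels kept; not a full excerpt.
SAMPLE_LOG = r"""
Engine:
2023-12-25T07:14:56.546Z Setting original file name "vssadmin.exe" for "\\?\e:\windows\system32\vssadmin.exe", hr=0x0
Engine:
2023-12-25T07:15:06.791Z EMS scan for process: lsass pid: 796, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-25T07:15:06.869Z EMS scan for process: svchost pid: 904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE81028FB, sigsha=e1892e7c1f9811e586c2639f0f322474ecdc9418, cached=false, source=0, resourceid=0x1b64e05e
2023-12-25T07:16:19.467Z On demand scan closed without completion. Current scan state: 1. ScanSource: 7, Scan flags:0x10050004. NumberOfResources:126. bRemoveFromList:1
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2023-12-26T09:55:33.382Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
"""
```

Run `parse_log(SAMPLE_LOG)` (or feed it the whole MpLog) and check `incomplete_scans` first: a scan that ends with "closed without completion" left the 126 enumerated resources unscanned, so its absence of detections says nothing. `rules_with_state(rules, 0)` then lists the ASR rules the VDM loaded in a different state from the rest, which on this page is only "Controlled folder access".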
2023-12-26T09:55:33.382Z CSignatureStatus: back to good
2023-12-26T09:55:33.382Z [Engine] Loaded E:\WINDOWS\Microsoft Antimalware\Definition Updates\{108A9481-9B74-43CD-A37B-2C78869DD0B4}
2023-12-26T09:55:33.382Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{20EA2F05-F7B6-40A4-B5C2-AEB69B76E1D1} ...
2023-12-26T09:55:33.382Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{B452F22A-D355-4FEC-A899-D734814C6656} ...
2023-12-26T09:55:33.382Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 12-26-2023 10:55:33
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.1143.0
AV Signature Version: 1.403.1143.0
************************************************************
2023-12-26T09:55:33.382Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{B452F22A-D355-4FEC-A899-D734814C6656}
2023-12-26T09:55:33.398Z Engine loaded!
2023-12-26T09:55:33.398Z Verifying license file...
2023-12-26T09:55:33.398Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2023-12-26T09:55:33.398Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.1143.0
AV Signature Version: 1.403.1143.0
************************************************************
2023-12-26T09:55:34.055Z MpManagerEnable: setting DisableAS to 0 ...
2023-12-26T09:55:34.055Z MpManagerEnable: setting DisableAV to 0 ...
2023-12-26T09:55:34.055Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
2023-12-26T09:56:30.012Z Process scan (postsignatureupdatescan) started.
2023-12-26T09:56:30.106Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E491C304B, sigsha=92df020002d1b5985981453b351af2c12ac04ea7, cached=false, source=0, resourceid=0x0adb907b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA6A629FE, sigsha=9ea7bc16d137466f1f8ac86dfe068180c87c46b6, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7699BAE7, sigsha=c56efc63c0efed7d951022aa0a9f30ea7446e3ec, cached=false, source=0, resourceid=0xbc26e6a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E717B3D0D, sigsha=1ecab1ed5f55fce743fd99a004804b3d285127d5, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5AC8BA51, sigsha=22e8ba2ed3bead4a57f4ce7aa821216910655a85, cached=false, source=0, resourceid=0x9b4328c6
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA93D3A5, sigsha=73dc700b8ce266eedfd9a6a2f1c2bfaa5bd059e2, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8BB73A51, sigsha=ba56edacec258427c065e816c0b1706d7f29dae8, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E015C5829, sigsha=40fc7a092e9428695e2707762c328f8324160f20, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECA404F30, sigsha=786e2618d76255efb340cc469e50f5b9f12f2c1c, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94DED2E8, sigsha=99031b1286f829e82d7cb6be9912f78e368d4d1f, cached=false, source=0, resourceid=0x99a4deda
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6F698215, sigsha=11422559a02d4d507e69ab099e3db5a6d8abdae4, cached=false, source=0, resourceid=0x99a4deda
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0E33A2CE, sigsha=e88f10ef8748567e241abf7644608c2548f6046e, cached=false, source=0, resourceid=0x9bd94ac8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2A92A82D, sigsha=7925237a1fd78f9f1d43da1d7dbf43d85c0cce07, cached=false, source=0, resourceid=0xeecc439b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E19EF72EE, sigsha=80554e5452aa28dd5f631d8a33bc39f5312681e2, cached=false, source=0, resourceid=0xb95c2a2b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC295BC64, sigsha=1e0a68fa4f8a019ab47ecac6ce2c81e4acd63da9, cached=false, source=0, resourceid=0xa2542260
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB7845401, sigsha=b1af1768c26a771bcdfb1f6806184ba01ec55776, cached=false, source=0, resourceid=0x137e533a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E5BD04216, sigsha=a4b75c8974bbc09235256789ad314ac674ab08b7, cached=false, source=0, resourceid=0x9baf4033
Internal signature match:subtype=Lowfi, sigseq=0x0000157E802C27F5, sigsha=7212728b1450a196caaf9060f92e492f29840ced, cached=false, source=0, resourceid=0x9baf4033
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8E7C868D, sigsha=06e69f38615b78c45ca21c180b28eaf118ab17e7, cached=false, source=0, resourceid=0x44aad78c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E868AC6D0, sigsha=685884dada01c46d1351366f4a676fd1d62cc4bf, cached=false, source=0, resourceid=0x44aad78c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373595DB, sigsha=7134d1de7c166d5c551e66a45ad5b9d48a4318f5, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A6B1298, sigsha=907946ed0e88820e8ecc90b8b92efd7f17588740, cached=false, source=0, resourceid=0x4b3d599f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E506CE516, sigsha=dd405d3050821718aa505cb76f4e865d0b5cba3b, cached=false, source=0, resourceid=0x9e6ab5de
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E27A471C3, sigsha=c699368d1c7dab5e0640adffde320483a20661dc, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB47F9CE5, sigsha=1c7facf1f461c9b7d57e2eec57ff1218af24c228, cached=false, source=0, resourceid=0x0653da7a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E381F8229, sigsha=6b69659e67ee19a6227bb907abbe934e1558dd34, cached=false, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F9DB65D, sigsha=ef1d395f28a8508cc4a86db7a6be4c75d4addfe1, cached=false, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x00000555574674B7, sigsha=796cba459717a994ff7a2b43967c004bdf664ec2, cached=false, source=0, resourceid=0x46f5794e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9811E782, sigsha=090007f25b487a8ca5514aea6ac732ec5083041e, cached=false, source=0, resourceid=0xb981b441
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1DCEA0FA, sigsha=39f5a4dcdb880071367349b1af26e3b426375df2, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFE48DBC3, sigsha=911645be181c539754c16eeac1a7f0e206424e13, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED757ABE0, sigsha=52eacf11e585c636264287f53d8eca865fa79583, cached=false, source=0, resourceid=0xb5226e2e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A9C8C91, sigsha=1015a23cb0334428e4bf76c083c4f80420a97aca, cached=false, source=0, resourceid=0x43ccb6bd
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20172375, sigsha=6504f6c498382fe884b037442796f59db722aba6, cached=false, source=0, resourceid=0xa347a585
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC7167D96, sigsha=53d1206d7ef8395ad60d2bf25c94bb12592cb92f, cached=false, source=0, resourceid=0xa347a585
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED038E656, sigsha=f7746402adc98d9d2796028e66ad7171d4c07247, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC182D033, sigsha=76e6db047ad873bec8039d1173624da52ffbadd0, cached=false, source=0, resourceid=0x0b203d8c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1C3ABF7F, sigsha=6faf72d8664700aae95427952a70f17ac61331b1, cached=false, source=0, resourceid=0xd983ccd5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E73E353E2, sigsha=03719bcf6a17011a0c242d7932894002fbeb92bd, cached=false, source=0, resourceid=0xf4b5697b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6D2C3632, sigsha=bc336a0ba4dacf81d5ec3f04e1f03bedaf561566, cached=false, source=0, resourceid=0x6d509adc
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED76B77E0, sigsha=7156f78c6f3cb08ad40944a0a1d8f63e60371673, cached=false, source=0, resourceid=0xacbd9e16
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDB29CACD, sigsha=232cce57ecae32ecd4cb0d0e4e05687591c81361, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1A7A6B1B, sigsha=7d3fa51a7740a03dab82fd9fde7ea45c590f58a3, cached=false, source=0, resourceid=0xc6f93443
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B7B97DC, sigsha=2e248bbe23c9c7941fcf2928faa6bb27bdb6232f, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7DFED8CD, sigsha=f52adaafc077f9f0ceeab8a536f77ca1c3398ee7, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDE346197, sigsha=d5649e6a14b2ef3de6c230a584c08ba5a2086cc4, cached=false, source=0, resourceid=0xceda1946
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB3A15E55, sigsha=d8d1daaca0fc29a9b6dea076c7bf397e422516c3, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED1D33DD4, sigsha=5f32b0f06e3d9c53d943db4bf1013c5cbad6da11, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E85891D9C, sigsha=607d76afcb7ce64bb2484b35c590d3b5dc2a91a5, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B000BD4, sigsha=ebf8e2d32f3522308bf32183288af69999daf171, cached=false, source=0, resourceid=0x09b96c35
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1597E661, sigsha=70b9c8962bce538b51ff59f8ebc7043a23a71b7c, cached=false, source=0, resourceid=0x09b96c35
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBF9115A3, sigsha=11051fb813f6eee7134d7db94c227dca58945899, cached=false, source=0, resourceid=0x2986427c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9800D9B3, sigsha=af9728f053ed27553dc338688b9af1dbe38ed72f, cached=false, source=0, resourceid=0x8511695e
Internal signature match:subtype=Lowfi, sigseq=0x000005553BC4EF32, sigsha=0401730fab8037328ab58c3806d789c718149a11, cached=false, source=0, resourceid=0xce76ae0a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0C05EAC3, sigsha=844d316c749b3faa3f306934f62aa8d8b33e9325, cached=false, source=0, resourceid=0x6c541d26
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDA18F39C, sigsha=df02db3253134fdc4e94f532a166ebe2fc9b7000, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157E58D3D69C, sigsha=7653306ed7e4bb4cbd24f4c56ed07ee9fc494284, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1000E17, sigsha=8f6d8fbdf991962cf3774f437df054d8a7aa0083, cached=false, source=0, resourceid=0x8cea8a4e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EE6997222, sigsha=4d13bb30cafc6c8fd4a31fc15b3f3b7ddec16ef0, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E94A3B2C3, sigsha=2f666ca6c2f42d78e59f25290c12e3969b432b9d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFDFD540, sigsha=96e096d9d0454966c2c0f5015bd64b36d6d2c565, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E7AD4B722, sigsha=91124c3793d9810eb8ecedf8cadf2a46cb634c5d, cached=false, source=0, resourceid=0xcc8ad5a7
Internal signature match:subtype=Lowfi, sigseq=0x0000157E9D492BAF, sigsha=e90ce058789f2b06cf005d56de0b26f57f1c3736, cached=false, source=0, resourceid=0x67452d98
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFD63A3C, sigsha=da228b5bfa62c193892de11371a67df767c015a4, cached=false, source=0, resourceid=0xa51d6dbe
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC73DC711, sigsha=18c63aa1b7401fd94a9cce039a935d3a734826ef, cached=false, source=0, resourceid=0x48f913cb
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=false, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E373214B2, sigsha=5ad6bdbbab670a35043649daf11c94f93de515ce, cached=false, source=0, resourceid=0x9525267d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E303AD357, sigsha=aa0a589c24b16ecfb3e60b70feb93b386025b722, cached=false, source=0, resourceid=0x9525267d
Engine:
2023-12-26T09:57:16.796Z Triggered AR EMS scan

Engine:
2023-12-26T09:57:16.796Z EMS scan for process: lsass pid: 792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:16.874Z EMS scan for process: svchost pid: 900, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:16.905Z EMS scan for process: svchost pid: 1012, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:16.921Z EMS scan for process: svchost pid: 848, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:16.968Z EMS scan for process: svchost pid: 816, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:16.999Z EMS scan for process: svchost pid: 1044, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:17.030Z EMS scan for process: svchost pid: 1172, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:17.062Z EMS scan for process: svchost pid: 1468, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:17.108Z EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:17.124Z EMS scan for process: svchost pid: 1720, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2023-12-26T09:57:17.140Z EMS scan for process: svchost pid: 1784, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEC3031B1, sigsha=484ff45b062a05fdfd2aed0ab50162f3c2f98bea, cached=false, source=0, resourceid=0x37222bc5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E784E8F36, sigsha=9c2c71199eb67daef3217d11c0b3847161516e42, cached=false, source=0, resourceid=0xbcde05a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E784E8F36, sigsha=9c2c71199eb67daef3217d11c0b3847161516e42, cached=false, source=0, resourceid=0xbcde05a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3876D53, sigsha=9fffeb69876edba74cb0458bbf38d7a692ee00e4, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=false, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEC3031B1, sigsha=484ff45b062a05fdfd2aed0ab50162f3c2f98bea, cached=false, source=0, resourceid=0x37222bc5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=false, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x00000555051EE39F, sigsha=32ed9fa9f09fa8fcc70ac6a257c272ea7d24741f, cached=true, source=0, resourceid=0x39e903de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8CA6AD84, sigsha=32402dd2956604b4597d1dcfa21b6c0a574b1838, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17193CA9, sigsha=87ece7ab29c637fea21b8349427e96d2c4ce2e3f, cached=true, source=0, resourceid=0xc73480f3
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8D9F916B, sigsha=9edc5491bdca31053e826c52a17ee491b620c077, cached=true, source=0, resourceid=0x6874ff49
Internal signature match:subtype=Lowfi, sigseq=0x0000157EA4126BB5, sigsha=56e1e18d9592c50c7b1d1fdb6474ccb1de774a76, cached=false, source=0, resourceid=0x5c0a320a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFF66D8B3, sigsha=b18ac04960b00615dd23a091347ebae4802b598c, cached=false, source=0, resourceid=0x4821cd50
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFF66D8B3, sigsha=b18ac04960b00615dd23a091347ebae4802b598c, cached=false, source=0, resourceid=0xa5e5ce73
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECB72A263, sigsha=09b8e7963e285222b7450f7c250ef1b5ef80564d, cached=true, source=0, resourceid=0xca8edb0b
Internal signature match:subtype=Lowfi, sigseq=0x000005554F5CEA63, sigsha=7c3e66a8ee931fd387af84b97c8a112dbd7a0805, cached=true, source=0, resourceid=0x3549dae9
Internal signature match:subtype=Lowfi, sigseq=0x0000157E17A2F333, sigsha=197d0bbb032413f1a939ffe82ba5ba476892d09a, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBDB65BFD, sigsha=4b77ffd1bb179078b95f7ec38146552cf106adba, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E15CB4297, sigsha=3deeadc8295c01dfdcabba4c213d03aaabf89eaa, cached=true, source=0, resourceid=0x64306927
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E381F8229, sigsha=6b69659e67ee19a6227bb907abbe934e1558dd34, cached=true, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F9DB65D, sigsha=ef1d395f28a8508cc4a86db7a6be4c75d4addfe1, cached=true, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1861DA5B, sigsha=76249576560cd5ab321af33c62a22bb3fcb7a7aa, cached=true, source=0, resourceid=0xbd4c5b97
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8A65BD9B, sigsha=bf1b0ec75492964ce9de6683215fc4851a0d053d, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF3876D53, sigsha=9fffeb69876edba74cb0458bbf38d7a692ee00e4, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED4694B36, sigsha=ea32f2782a34807403aefeaa53696ead18dc5a1f, cached=true, source=0, resourceid=0x682bf4f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC4FC4E35, sigsha=780fc713e0ea52224f8e480e6af71da30c2d0712, cached=true, source=0, resourceid=0x5fbbc9aa
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1000E17, sigsha=8f6d8fbdf991962cf3774f437df054d8a7aa0083, cached=true, source=0, resourceid=0x8cea8a4e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFD63A3C, sigsha=da228b5bfa62c193892de11371a67df767c015a4, cached=true, source=0, resourceid=0xa51d6dbe
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFB98DDAE, sigsha=25e56677100929d556ed4d3210a59bf84ce1bb2d, cached=false, source=0, resourceid=0xb8ad7cdb
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A0AA170, sigsha=01870a328d90d0a14a72d4a70eaf848bfb74cc34, cached=false, source=0, resourceid=0x92245a84
Internal signature match:subtype=Lowfi, sigseq=0x0000157E96550BA4, sigsha=2cdfe2ad69f0ec1b447e859f09821f3887b66d47, cached=true, source=0, resourceid=0xce08b410
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E24EB7486, sigsha=6b889191347426627fff191c86ec6f908b23161b, cached=true, source=0, resourceid=0x59285dc6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E234F2300, sigsha=2e0525b8514f547c712e02a272adb35d34347222, cached=false, source=0, resourceid=0xe248dba8
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98A01513, sigsha=ef7806d4b860b3c08806514cc19b3043411796fa, cached=false, source=0, resourceid=0xbd101bb6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E87546BA4, sigsha=0cb9573acf126a103242ad7bc4492189a92a3875, cached=false, source=0, resourceid=0x1a2d6575
Internal signature match:subtype=Lowfi, sigseq=0x0000157E87546BA4, sigsha=0cb9573acf126a103242ad7bc4492189a92a3875, cached=false, source=0, resourceid=0x1a2d6575
Internal signature match:subtype=Lowfi, sigseq=0x0000157E31B92500, sigsha=77ec830a8a36bfe7b4651e213b11e7b1f7f8a3f1, cached=false, source=0, resourceid=0x78429977
Internal signature match:subtype=Lowfi, sigseq=0x0000157E2F2EA153, sigsha=092ac970af467fbeb1aef0c9239be799ed86f992, cached=false, source=0, resourceid=0xbeba801f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E283CA571, sigsha=38ef408e7316fbd1b21a429f3ab288785321356f, cached=false, source=0, resourceid=0xfff9e2f8
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDA0E220, sigsha=1a12f8bea17fe15443a88acb7ca7b2a7e66453ee, cached=false, source=0, resourceid=0x5c196bc9
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECC6552E1, sigsha=1e8a84109bcde56ebeecccf74c8d042db25ba22e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E20DE3423, sigsha=5c4ea0dbe9dceab983b51fc585b394502aa4866e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6C239567, sigsha=745875914289cd59add90ad192eee1d9ed5bad64, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E23F826F2, sigsha=c9087d971869d9092267c1ba38f2133764f74f10, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A8BD63B, sigsha=1f9207f616b7840f85224d979fdcb6418188f6f4, cached=false, source=0, resourceid=0xb2fe7d82
Internal signature match:subtype=Lowfi, sigseq=0x0000157E680674BC, sigsha=e6f877f6dbc26267ff8ca3e8f3b50841b0944fdd, cached=false, source=0, resourceid=0x943bc92e
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2023-12-26T09:58:07.493Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-26T09:58:28.652Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-26T09:58:28.668Z [Cloud] Engine is requesting config to do cloud query [regular network].
2023-12-26T09:58:28.668Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2023-12-26T09:58:28.761Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 12-26-2023 10:58:28 (Exit Code = 0x0)
************************************************************
--------------------------------------------------------------------------------
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Service Log
Started On 01-06-2024 17:52:57
************************************************************
OS install time not retrieved: hr = 0x8007000d
Current time: 01/06/2024 16:52:57.91044300 UTC (11843 ms since boot)
2024-01-06T16:52:57.083Z ProductId: 4, ProductFeature: 0, LaunchedProtected: 0, IsWcos: 0, IsContainerOs: 0
2024-01-06T16:52:57.083Z [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: WdoWppTracing-20240106-175257-00000003-ffffffff.bin ...
2024-01-06T16:52:57.083Z [WPP] Trace session started - WdoWppTracing-20240106-175257-00000003-ffffffff.bin
2024-01-06T16:52:57.083Z OS Build/Branch info: 19041.1.amd64fre.vb_release.191206-1406
2024-01-06T16:52:57.083Z [PlatUpd] Service launched successfully from: E:\ProgramData\Microsoft\Windows Defender\Offline Scanner
2024-01-06T16:52:57.083Z Service is asked to be reenabled.
2024-01-06T16:52:57.083Z Task(-EnableService) launched
2024-01-06T16:52:57.098Z Loaded module#0 MpComServer.
2024-01-06T16:52:57.098Z Loading engine...
2024-01-06T16:52:57.208Z UpdateEngine start: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{13F31D4A-7612-4E87-B42B-ADB64B01F920}
2024-01-06T16:52:57.270Z Verifying engine and signature files (source: 0) ...
2024-01-06T16:52:57.301Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{21F84BFB-F456-49D8-A9AB-F07A4C55E7B1}\mpengine.dll]
2024-01-06T16:52:57.348Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{21F84BFB-F456-49D8-A9AB-F07A4C55E7B1}\mpasbase.vdm]
2024-01-06T16:52:57.364Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{21F84BFB-F456-49D8-A9AB-F07A4C55E7B1}\mpasdlta.vdm]
2024-01-06T16:52:57.395Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{21F84BFB-F456-49D8-A9AB-F07A4C55E7B1}\mpavbase.vdm]
2024-01-06T16:52:57.395Z Verified [E:\WINDOWS\Microsoft Antimalware\Definition Updates\{21F84BFB-F456-49D8-A9AB-F07A4C55E7B1}\mpavdlta.vdm]
Database:
2024-01-06T16:52:57.442Z Can't find offline cache cache (E:\WINDOWS\Microsoft Antimalware\Scans\mpcache-2AF880F03971EB4669B54693DBB8CD71718871D2.bin): 0x00000002IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007bIDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000dIDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d
2024-01-06T16:53:00.473Z [AutoExclusion] Skipped Non-Windows 10+ Server SKUs.
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Win32 API calls from Office macro", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Aplha Test for ASR in Audit Mode", State=5, Action=1, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Aplha Test for ASR in Block Mode", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0)
Engine-HIPS:
2024-01-06T16:53:00.488Z Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100)
2024-01-06T16:53:00.488Z CSignatureStatus: back to good
2024-01-06T16:53:00.488Z [Engine] Loaded E:\WINDOWS\Microsoft Antimalware\Definition Updates\{21F84BFB-F456-49D8-A9AB-F07A4C55E7B1}
2024-01-06T16:53:00.488Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{108A9481-9B74-43CD-A37B-2C78869DD0B4} ...
2024-01-06T16:53:00.488Z [Engine] Removing E:\WINDOWS\Microsoft Antimalware\Definition Updates\{13F31D4A-7612-4E87-B42B-ADB64B01F920} ...
2024-01-06T16:53:00.488Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Signature updated via XCopy on 01-06-2024 17:53:00
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.1737.0
AV Signature Version: 1.403.1737.0
************************************************************
2024-01-06T16:53:00.488Z UpdateEngine finished with 0x0: Source: 3, szUpdateDirectory: E:\WINDOWS\Microsoft Antimalware\Definition Updates\{13F31D4A-7612-4E87-B42B-ADB64B01F920}
2024-01-06T16:53:00.488Z Engine loaded!
2024-01-06T16:53:00.488Z Verifying license file...
2024-01-06T16:53:00.488Z Verified [E:\ProgramData\Microsoft\Windows Defender\Offline Scanner\msmplics.dll]
2024-01-06T16:53:00.488Z MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0x0
Product Version: 4.18.1907.16384
Service Version: 4.18.1909.6
Engine Version: 1.1.23110.2
AS Signature Version: 1.403.1737.0
AV Signature Version: 1.403.1737.0
************************************************************
2024-01-06T16:53:01.129Z MpManagerEnable: setting DisableAS to 0 ...
2024-01-06T16:53:01.129Z MpManagerEnable: setting DisableAV to 0 ...
2024-01-06T16:53:01.129Z Scheduled scan configured CPU priority: normal (LowCpuPriority: 0)
2024-01-06T16:53:57.092Z Process scan (postsignatureupdatescan) started.
2024-01-06T16:53:57.186Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1D7AAAC3, sigsha=7adebcfd5966025550a9642ade7ca2f8d92c8d81, cached=false, source=0, resourceid=0x568d9245
Internal signature match:subtype=Lowfi, sigseq=0x0000157E68CCE934, sigsha=90b11ec3b80746e4c4e6be88de043ba3c051fcff, cached=false, source=0, resourceid=0x292e72bf
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB7911C94, sigsha=4e63109a20f27c1f5740e5d9d42259c226fccd6e, cached=false, source=0, resourceid=0xd93f0580
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8FA78A5B, sigsha=d30728dc715f058180ede16e41ae845ccb284899, cached=false, source=0, resourceid=0xa7731802
Internal signature match:subtype=Lowfi, sigseq=0x000005559FAD4704, sigsha=e926c3238f5b902a87e91dd3228568f7ab6ec0ac, cached=false, source=0, resourceid=0x6b2c27b4
Internal signature match:subtype=Lowfi, sigseq=0x000005559FAD4704, sigsha=e926c3238f5b902a87e91dd3228568f7ab6ec0ac, cached=false, source=0, resourceid=0x879080c1
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECB72A263, sigsha=09b8e7963e285222b7450f7c250ef1b5ef80564d, cached=false, source=0, resourceid=0xca8edb0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC9084EC4, sigsha=2990c85733cbbd511c621da8e5d35982b041b21c, cached=false, source=0, resourceid=0x0ab27e26
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA98343F, sigsha=9293941b8a9a7f2c1d31d32dd9b2abe121621d75, cached=false, source=0, resourceid=0xb87824e7
Internal signature match:subtype=Lowfi, sigseq=0x0000157EF0723F8A, sigsha=b95f96e1381af73ec53851980a6da344795d5d9a, cached=false, source=0, resourceid=0x4fe75798
Internal signature match:subtype=Lowfi, sigseq=0x0000157E271120E8, sigsha=7fa98c1501da12096ed4926c631dbe2cd232ae0b, cached=false, source=0, resourceid=0xbf96d13f
Internal signature match:subtype=Lowfi, sigseq=0x0000157E8BB73A51, sigsha=ba56edacec258427c065e816c0b1706d7f29dae8, cached=false, source=0, resourceid=0xf3a56d0b
Internal signature match:subtype=Lowfi, sigseq=0x00000555B5F32F78, sigsha=cafbca13531110bde1eb1d4b0250eddf98e6df71, cached=false, source=0, resourceid=0x1ebd1283
Internal signature match:subtype=Lowfi, sigseq=0x0000157E81691939, sigsha=47e5b696a6040fbd4586076c8e1676afede2ab84, cached=false, source=0, resourceid=0xe7cd7583
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC295BC64, sigsha=1e0a68fa4f8a019ab47ecac6ce2c81e4acd63da9, cached=false, source=0, resourceid=0xa2542260
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA786CA8, sigsha=a2fc528fee7ddb3c88277c46b47c22b503e76414, cached=false, source=0, resourceid=0x8c7f4ecf
Internal signature match:subtype=Lowfi, sigseq=0x0000108076915C8A, sigsha=19c0880f05c9c258691a93ba46d597b853738b18, cached=false, source=0, resourceid=0xb01c42df
Internal signature match:subtype=Lowfi, sigseq=0x0000157E381F8229, sigsha=6b69659e67ee19a6227bb907abbe934e1558dd34, cached=false, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0x3b3b261e
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xd847c09c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xb408b576
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xc4fd9959
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xfb4d8457
Internal signature match:subtype=Lowfi, sigseq=0x0000157E005DA543, sigsha=3e2e34675cc074d01560f8991095334b8538353b, cached=false, source=0, resourceid=0xe9c6c3c0
Internal signature match:subtype=Lowfi, sigseq=0x00000555C5D393A5, sigsha=79585350f0b74c3d52cf5176f254d408375fa985, cached=false, source=0, resourceid=0xf73a83de
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6D2C3632, sigsha=bc336a0ba4dacf81d5ec3f04e1f03bedaf561566, cached=false, source=0, resourceid=0x6d509adc
Internal signature match:subtype=Lowfi, sigseq=0x0000157ED76B77E0, sigsha=7156f78c6f3cb08ad40944a0a1d8f63e60371673, cached=false, source=0, resourceid=0xacbd9e16
Internal signature match:subtype=Lowfi, sigseq=0x0000108064A94050, sigsha=cb161bcd19d25571622abd754c1170caab9c4ed7, cached=false, source=0, resourceid=0xcaeda5fe
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B7B97DC, sigsha=2e248bbe23c9c7941fcf2928faa6bb27bdb6232f, cached=false, source=0, resourceid=0x37b118b2
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB3A15E55, sigsha=d8d1daaca0fc29a9b6dea076c7bf397e422516c3, cached=false, source=0, resourceid=0x5b2b6412
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B000BD4, sigsha=ebf8e2d32f3522308bf32183288af69999daf171, cached=false, source=0, resourceid=0x09b96c35
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBF9115A3, sigsha=11051fb813f6eee7134d7db94c227dca58945899, cached=false, source=0, resourceid=0x2986427c
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0C05EAC3, sigsha=844d316c749b3faa3f306934f62aa8d8b33e9325, cached=false, source=0, resourceid=0x6c541d26
Internal signature match:subtype=Lowfi, sigseq=0x0000157EDA18F39C, sigsha=df02db3253134fdc4e94f532a166ebe2fc9b7000, cached=false, source=0, resourceid=0x578d689a
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1000E17, sigsha=8f6d8fbdf991962cf3774f437df054d8a7aa0083, cached=false, source=0, resourceid=0x8cea8a4e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFD63A3C, sigsha=da228b5bfa62c193892de11371a67df767c015a4, cached=false, source=0, resourceid=0xa51d6dbe
Engine:
2024-01-06T16:54:42.825Z Triggered AR EMS scan

Engine:
2024-01-06T16:54:42.825Z EMS scan for process: lsass pid: 800, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:42.887Z EMS scan for process: svchost pid: 908, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:42.934Z EMS scan for process: svchost pid: 1012, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:42.950Z EMS scan for process: svchost pid: 812, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:42.997Z EMS scan for process: svchost pid: 732, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:43.028Z EMS scan for process: svchost pid: 1056, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:43.059Z EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:43.091Z EMS scan for process: svchost pid: 1480, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:43.137Z EMS scan for process: svchost pid: 1576, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:43.153Z EMS scan for process: svchost pid: 1740, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Engine:
2024-01-06T16:54:43.169Z EMS scan for process: svchost pid: 1804, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1579F408, sigsha=56687528b0453cf81c24cd472191333b40d699d3, cached=false, source=0, resourceid=0x9983ec63
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEC3031B1, sigsha=484ff45b062a05fdfd2aed0ab50162f3c2f98bea, cached=false, source=0, resourceid=0x37222bc5
Internal signature match:subtype=Lowfi, sigseq=0x0000157E784E8F36, sigsha=9c2c71199eb67daef3217d11c0b3847161516e42, cached=false, source=0, resourceid=0xbcde05a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E784E8F36, sigsha=9c2c71199eb67daef3217d11c0b3847161516e42, cached=false, source=0, resourceid=0xbcde05a0
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECC6552E1, sigsha=1e8a84109bcde56ebeecccf74c8d042db25ba22e, cached=false, source=0, resourceid=0x02ff26fc
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECDCAB20D, sigsha=2a708cccf7b10a25013c0b5951b1bcc086a137c8, cached=false, source=0, resourceid=0xcbca40f4
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEC3031B1, sigsha=484ff45b062a05fdfd2aed0ab50162f3c2f98bea, cached=false, source=0, resourceid=0x37222bc5
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEA786CA8, sigsha=a2fc528fee7ddb3c88277c46b47c22b503e76414, cached=false, source=0, resourceid=0x8c7f4ecf
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFF66D8B3, sigsha=b18ac04960b00615dd23a091347ebae4802b598c, cached=false, source=0, resourceid=0x4821cd50
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFF66D8B3, sigsha=b18ac04960b00615dd23a091347ebae4802b598c, cached=false, source=0, resourceid=0xa5e5ce73
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECB72A263, sigsha=09b8e7963e285222b7450f7c250ef1b5ef80564d, cached=true, source=0, resourceid=0xca8edb0b
Internal signature match:subtype=Lowfi, sigseq=0x0000157E381F8229, sigsha=6b69659e67ee19a6227bb907abbe934e1558dd34, cached=true, source=0, resourceid=0x951a9356
Internal signature match:subtype=Lowfi, sigseq=0x0000157EC4FC4E35, sigsha=780fc713e0ea52224f8e480e6af71da30c2d0712, cached=true, source=0, resourceid=0x5fbbc9aa
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1000E17, sigsha=8f6d8fbdf991962cf3774f437df054d8a7aa0083, cached=true, source=0, resourceid=0x8cea8a4e
Internal signature match:subtype=Lowfi, sigseq=0x0000157EBFD63A3C, sigsha=da228b5bfa62c193892de11371a67df767c015a4, cached=true, source=0, resourceid=0xa51d6dbe
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A0AA170, sigsha=01870a328d90d0a14a72d4a70eaf848bfb74cc34, cached=false, source=0, resourceid=0x92245a84
Internal signature match:subtype=Lowfi, sigseq=0x0000157E24EB7486, sigsha=6b889191347426627fff191c86ec6f908b23161b, cached=true, source=0, resourceid=0x59285dc6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E98A01513, sigsha=ef7806d4b860b3c08806514cc19b3043411796fa, cached=false, source=0, resourceid=0xbd101bb6
Internal signature match:subtype=Lowfi, sigseq=0x0000157E87546BA4, sigsha=0cb9573acf126a103242ad7bc4492189a92a3875, cached=false, source=0, resourceid=0x1a2d6575
Internal signature match:subtype=Lowfi, sigseq=0x0000157E87546BA4, sigsha=0cb9573acf126a103242ad7bc4492189a92a3875, cached=false, source=0, resourceid=0x1a2d6575
Internal signature match:subtype=Lowfi, sigseq=0x0000157E31B92500, sigsha=77ec830a8a36bfe7b4651e213b11e7b1f7f8a3f1, cached=false, source=0, resourceid=0x78429977
Internal signature match:subtype=Lowfi, sigseq=0x0000157E37B37A21, sigsha=be3dc383bc974813a010dd2b2bed69ce983af6e3, cached=false, source=0, resourceid=0xbeba801f
Internal signature match:subtype=Lowfi, sigseq=0x00001080D01FBA5A, sigsha=e6c2accdafd5734e314e80f77f16c5a5cbeae60b, cached=false, source=0, resourceid=0x084edc95
Internal signature match:subtype=Lowfi, sigseq=0x00001080E4857F5C, sigsha=787f0d722106e7f7a782d4a2c1bcb7dd9304ff74, cached=false, source=0, resourceid=0x01b14488
Internal signature match:subtype=Lowfi, sigseq=0x0000157E680674BC, sigsha=e6f877f6dbc26267ff8ca3e8f3b50841b0944fdd, cached=false, source=0, resourceid=0x943bc92e
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0xb49f25b9
2024-01-06T16:55:33.251Z [Cloud] Engine is requesting config to do cloud query [regular network].
Internal signature match:subtype=Lowfi, sigseq=0x0000157E592232A9, sigsha=633e65d2536ea439f8ee7e3aa0bd4277d47b9b29, cached=false, source=0, resourceid=0xe6043ca1
2024-01-06T16:55:36.220Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.880Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.880Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.880Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.895Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.911Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.911Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.911Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.911Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.911Z [Cloud] Engine is requesting config to do cloud query [regular network].
2024-01-06T16:55:53.911Z Service stop requested (ServiceError: 0x0). Calling CleanupMpService ...
2024-01-06T16:55:54.005Z Unloaded module#0 MpComServer.
Microsoft Antimalware (F7F4CD20-7371-4319-B1DB-6FCFC68573EC) Log
Stopped On 01-06-2024 17:55:54 (Exit Code = 0x0)
************************************************************
