ViErus0815 | 17.12.2021 16:59 | No, at least not in those from FRST, but it does show up in the Defender log. Maybe this helps? Code:
2021-12-16T11:59:45.381Z [Cloud] End of cloud request.
2021-12-16T11:59:45.406Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:45.407Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:45.433Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:45.451Z SDN:Issuing SDN query for \\?\C:\Users\vieru\Downloads\Activate-it.exe (\\?\C:\Users\vieru\Downloads\Activate-it.exe) (sha1=9752ab4c2fee84880708ea9f8340ef671f52accb, sha2=c04b66f2274a84268dc7c7e7b9e98f706fa9ff1a1f1726c2f822115e2d8f2378)
2021-12-16T11:59:45.451Z [Cloud] SubmitReport(CMpSpyDssContext), ShouldSendEvenOnPaidNetworks: 1
2021-12-16T11:59:45.452Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T11:59:45.452Z [Cloud] Queued cloud request.
2021-12-16T11:59:45.452Z [Cloud] MpEngineCloudRequest(). hr = 0
2021-12-16T11:59:45.452Z [Cloud] Dequeued cloud request.
2021-12-16T11:59:45.452Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T11:59:45.534Z SDN:SDN query completed: 00000000
2021-12-16T11:59:45.534Z [Cloud] End of cloud request.
Begin Resource Scan
Scan ID:{061AEC04-DB03-410B-A6AE-873763007AE6}
Scan Source:3
Start Time:12-16-2021 12:59:45
End Time:12-16-2021 12:59:45
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T11:59:45.538Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T11:59:45.538Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T11:59:45.538Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4868 milliseconds. 1 detections to be cleaned.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T11:59:48.086Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:48.097Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:48.124Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{3F4DCAF1-5BE8-482F-B1A3-58298E746EA4}
Scan Source:3
Start Time:12-16-2021 12:59:48
End Time:12-16-2021 12:59:48
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T11:59:50.421Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:50.449Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{9B0029F4-2CC8-458E-BF21-BB9A1EA73BEF}
Scan Source:6
Start Time:12-16-2021 12:59:50
End Time:12-16-2021 12:59:50
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T11:59:50.490Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T11:59:52.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:52.471Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T11:59:52.471Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:54.483Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:54.484Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T11:59:54.484Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:56.500Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:56.500Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T11:59:56.501Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T11:59:59.787Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Begin Resource Scan
Scan ID:{8F5733EE-5A0B-4E49-9BF4-3F736C75B271}
Scan Source:6
Start Time:12-16-2021 12:59:50
End Time:12-16-2021 12:59:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:00.068Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:00.076Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:00.076Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:00.076Z [Cloud] Queued cloud request.
2021-12-16T12:00:00.076Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:00
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:00
Result:0
2021-12-16T12:00:00.076Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:00.084Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:00.134Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:00.134Z [Cloud] End of cloud request.
2021-12-16T12:00:02.089Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:02.089Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:02.090Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:05.431Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:05.431Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:05.459Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{7FC2E7B4-978D-4E8C-A007-2BFE5DCCF364}
Scan Source:3
Start Time:12-16-2021 13:00:05
End Time:12-16-2021 13:00:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:00:05.474Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:05.474Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:00:05.474Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4957 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:10.443Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:10.470Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{2A6FA2F6-8B46-4E75-8ABE-7C10728E5019}
Scan Source:6
Start Time:12-16-2021 13:00:10
End Time:12-16-2021 13:00:10
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:10.513Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:11.832Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
2021-12-16T12:00:12.492Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:12.493Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:12.493Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:14.886Z [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build.
2021-12-16T12:00:14.886Z [SFC] System file cache build is not needed (already completed)
Begin Resource Scan
Scan ID:{B31B23D1-CDAF-4C20-AEE7-D353CCFBDB81}
Scan Source:6
Start Time:12-16-2021 13:00:10
End Time:12-16-2021 13:00:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:15.761Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:15.763Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:15.763Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:15.763Z [Cloud] Queued cloud request.
2021-12-16T12:00:15.763Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:15
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:15
Result:0
2021-12-16T12:00:15.763Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:15.772Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:15.901Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:15.901Z [Cloud] End of cloud request.
2021-12-16T12:00:16.988Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:17.020Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:17.020Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:17.049Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{1E096C92-46D6-4392-9C4C-90FF5D479BD3}
Scan Source:3
Start Time:12-16-2021 13:00:17
End Time:12-16-2021 13:00:17
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:00:17.064Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:17.064Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:00:17.064Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4955 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:17.777Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:17.777Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:17.778Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:19.065Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x000010803F8A68B6, sigsha=0d3673bb431352020de83988c86b361fcdaf017f, cached=false, source=0, resourceid=0xe2f95ec7
Internal signature match:subtype=Lowfi, sigseq=0x00001080E79BF4F0, sigsha=3b6774368da489b60074063fce18866057be36d3, cached=false, source=0, resourceid=0xe2f95ec7
2021-12-16T12:00:22.032Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:22.058Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{287749D1-A954-4E34-9BE8-5342B892DF6F}
Scan Source:6
Start Time:12-16-2021 13:00:22
End Time:12-16-2021 13:00:22
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:22.101Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:24.081Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:24.082Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:24.083Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{28C581ED-B4F2-4F57-9871-6F3895B59825}
Scan Source:6
Start Time:12-16-2021 13:00:22
End Time:12-16-2021 13:00:27
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:27.434Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:27.436Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:27.436Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:27.436Z [Cloud] Queued cloud request.
2021-12-16T12:00:27.436Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:27
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:27
Result:0
2021-12-16T12:00:27.437Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:27.445Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:27.523Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:27.523Z [Cloud] End of cloud request.
2021-12-16T12:00:29.450Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:29.450Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:29.451Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:30.106Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:30.125Z DETECTIONEVENT MPSOURCE_SYSTEM Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:30.126Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{3C3E0C60-0861-4EAF-9540-541D689A4DFD}
Scan Source:10
Start Time:12-16-2021 13:00:30
End Time:12-16-2021 13:00:30
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:D719C219E3C8EE8BB4ACB8A02ED0A374
Result Count:2
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
Unknown File
Identifier:567862423197843454
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:D719C219E3C8EE8BB4ACB8A02ED0A374
Extended Info - SigSeq:0000000000000000
Extended Info - SigSha:da39a3ee5e6b4b0d3255bfef95601890afd80709
End Scan
************************************************************
2021-12-16T12:00:30.126Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4998 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:30.141Z UnknownTelemetryScan triggered, type: 1 (1 - Unknown, 2- Lofi), flags: 0 (0 - Regular, 1 - MemScan), 1 resources, RtpIoavOnly: FALSE
2021-12-16T12:00:30.161Z [Cloud] SubmitReport(CMpUnknownSpyNetReportContext)
2021-12-16T12:00:30.161Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:30.161Z [Cloud] Queued cloud request.
2021-12-16T12:00:30.161Z [Cloud] Dequeued cloud request.
2021-12-16T12:00:30.170Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:30.183Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:30.183Z [Cloud] End of cloud request.
2021-12-16T12:00:33.618Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:33.649Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:35.131Z [RoutineClean] Threat status changed to 0x40 (threatId: 8003d7d1). Skipping automatic remediation.
Internal signature match:subtype=Lowfi, sigseq=0x00003B9663B694BC, sigsha=453d7010a1da1384f3668f77d4026c6d12766501, cached=false, source=0, resourceid=0xf810c38e
2021-12-16T12:00:38.337Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:38.338Z [Mini-filter] Unsuccessful scan status(#230): \Device\HarddiskVolume3\$Recycle.Bin\S-1-5-21-84713171-1761078591-1079883020-1001\$IKT40OL.exe. Process: \Device\HarddiskVolume3\Windows\explorer.exe, Status: 0xc0000001, State: 0, ScanRequest #13579, FileId: 0x1100000002ad49, Reason: OnClose, IoStatusBlockForNewFile: 0x2, DesiredAccess:0x0, FileAttributes:0x20, ScanAttributes:0x10, AccessStateFlags:0x801, BackingFileInfo: 0x0, 0x0, 0x0:0\0x0:0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:38.368Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:38.369Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:38.395Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{7CB8DC55-2590-47BB-82F6-6B1EBB726B1F}
Scan Source:3
Start Time:12-16-2021 13:00:38
End Time:12-16-2021 13:00:38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:00:38.408Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:38.408Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{9EA783B0-7E8E-4685-84AC-10030482353C}
Scan Source:6
Start Time:12-16-2021 13:00:33
End Time:12-16-2021 13:00:38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:38.940Z DETECTION_CLEANEVENT MPSOURCE_SYSTEM MP_THREAT_ACTION_REMOVE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:38.942Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:38.942Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:38.942Z [Cloud] Queued cloud request.
2021-12-16T12:00:38.942Z [Cloud] Dequeued cloud request.
2021-12-16T12:00:38.943Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:38.943Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4426 milliseconds. 1 detections to be cleaned.
2021-12-16T12:00:38.953Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:39.049Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:39.050Z [Cloud] End of cloud request.
2021-12-16T12:00:39.800Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:42.464Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:43.371Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:43.397Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:43.409Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Begin Resource Scan
Scan ID:{787329AC-EDA4-4A8A-8B29-02C717CF2521}
Scan Source:6
Start Time:12-16-2021 13:00:43
End Time:12-16-2021 13:00:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:00:43.440Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:43.440Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:00:43.441Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:00:43.467Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{84DB194D-5113-4142-BBC4-ACDC5C36E664}
Scan Source:3
Start Time:12-16-2021 13:00:43
End Time:12-16-2021 13:00:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:00:43.480Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:43.481Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:00:44.926Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
2021-12-16T12:00:45.420Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:45.421Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:45.421Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{AA5645EF-2F1D-4287-BEDB-9FA9784E1F74}
Scan Source:6
Start Time:12-16-2021 13:00:43
End Time:12-16-2021 13:00:48
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:00:48.824Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:00:48.832Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:00:48.832Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:00:48.832Z [Cloud] Queued cloud request.
2021-12-16T12:00:48.832Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:00:48
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:48
Result:0
2021-12-16T12:00:48.832Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:00:48.842Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:00:48.945Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:00:48.945Z [Cloud] End of cloud request.
2021-12-16T12:00:50.835Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:00:50.836Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:00:50.836Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Beginning threat actions
Start time:12-16-2021 13:00:38
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:remove
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:00:38
Result:0
2021-12-16T12:00:53.217Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
2021-12-16T12:01:00.445Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:01:00.474Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:00.475Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:00.500Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{4872C2AC-8BBB-4FB1-9527-9E9EE3E6EA08}
Scan Source:3
Start Time:12-16-2021 13:01:00
End Time:12-16-2021 13:01:00
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:01:00.513Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:00.514Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:01:00.514Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4960 milliseconds. 1 detections to be cleaned.
2021-12-16T12:01:01.802Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x00003B9663B694BC, sigsha=453d7010a1da1384f3668f77d4026c6d12766501, cached=true, source=0, resourceid=0x2440a323
2021-12-16T12:01:05.483Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:05.509Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{ECB046ED-C85D-44E2-895B-12BC3C967789}
Scan Source:6
Start Time:12-16-2021 13:01:05
End Time:12-16-2021 13:01:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:05.552Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:07.532Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:07.533Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:07.533Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{3E5FC2A9-ED61-4B7A-A094-7350C9FB7DB7}
Scan Source:6
Start Time:12-16-2021 13:01:05
End Time:12-16-2021 13:01:10
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:01:10.878Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:10.880Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:01:10.880Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:01:10.880Z [Cloud] Queued cloud request.
2021-12-16T12:01:10.880Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:01:10
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:01:10
Result:0
2021-12-16T12:01:10.880Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:01:10.889Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:01:11.004Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:01:11.004Z [Cloud] End of cloud request.
2021-12-16T12:01:12.247Z Engine:Triggered AR EMS scan
2021-12-16T12:01:12.250Z Engine:EMS scan for process: lsass pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.261Z Engine:EMS scan for process: svchost pid: 1032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.273Z Engine:EMS scan for process: svchost pid: 1136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.275Z Engine:EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.277Z Engine:EMS scan for process: svchost pid: 1492, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.279Z Engine:EMS scan for process: svchost pid: 1508, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.281Z Engine:EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.285Z Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.286Z Engine:EMS scan for process: svchost pid: 1660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.287Z Engine:EMS scan for process: svchost pid: 1712, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.292Z Engine:EMS scan for process: svchost pid: 1760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.293Z Engine:EMS scan for process: svchost pid: 1852, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.296Z Engine:EMS scan for process: svchost pid: 1984, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.297Z Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.299Z Engine:EMS scan for process: svchost pid: 1736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.300Z Engine:EMS scan for process: svchost pid: 2084, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.301Z Engine:EMS scan for process: svchost pid: 2092, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.303Z Engine:EMS scan for process: svchost pid: 2100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.304Z Engine:EMS scan for process: svchost pid: 2352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.306Z Engine:EMS scan for process: svchost pid: 2364, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.308Z Engine:EMS scan for process: svchost pid: 2416, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.311Z Engine:EMS scan for process: svchost pid: 2424, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.313Z Engine:EMS scan for process: svchost pid: 2432, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.314Z Engine:EMS scan for process: svchost pid: 2548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.315Z Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.323Z Engine:EMS scan for process: svchost pid: 2884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.328Z Engine:EMS scan for process: svchost pid: 2940, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.332Z Engine:EMS scan for process: svchost pid: 3032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.333Z Engine:EMS scan for process: svchost pid: 3040, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.336Z Engine:EMS scan for process: svchost pid: 2504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.339Z Engine:EMS scan for process: svchost pid: 3228, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.343Z Engine:EMS scan for process: svchost pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.344Z Engine:EMS scan for process: svchost pid: 3496, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.347Z Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.351Z Engine:EMS scan for process: svchost pid: 3516, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.352Z Engine:EMS scan for process: svchost pid: 3524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.353Z Engine:EMS scan for process: svchost pid: 3532, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.364Z Engine:EMS scan for process: svchost pid: 3544, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.366Z Engine:EMS scan for process: svchost pid: 3552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.370Z Engine:EMS scan for process: svchost pid: 3560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.375Z Engine:EMS scan for process: svchost pid: 4020, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.378Z Engine:EMS scan for process: svchost pid: 3760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.381Z Engine:EMS scan for process: svchost pid: 4220, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.383Z Engine:EMS scan for process: svchost pid: 5388, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.387Z Engine:EMS scan for process: svchost pid: 5660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.389Z Engine:EMS scan for process: svchost pid: 5360, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.390Z Engine:EMS scan for process: svchost pid: 5308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.395Z Engine:EMS scan for process: svchost pid: 6392, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.403Z Engine:EMS scan for process: svchost pid: 6584, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.417Z Engine:EMS scan for process: svchost pid: 6332, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.419Z Engine:EMS scan for process: svchost pid: 10484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.420Z Engine:EMS scan for process: svchost pid: 11352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.423Z Engine:EMS scan for process: svchost pid: 12904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.425Z Engine:EMS scan for process: svchost pid: 12752, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.426Z Engine:EMS scan for process: svchost pid: 4484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.428Z Engine:EMS scan for process: svchost pid: 8936, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.430Z Engine:EMS scan for process: svchost pid: 11780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.433Z Engine:EMS scan for process: svchost pid: 4136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.444Z Engine:EMS scan for process: svchost pid: 6524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.446Z Engine:EMS scan for process: svchost pid: 7788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.455Z Engine:EMS scan for process: svchost pid: 16160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.456Z Engine:EMS scan for process: svchost pid: 8292, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.464Z Engine:EMS scan for process: svchost pid: 14376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.466Z Engine:EMS scan for process: svchost pid: 7864, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.467Z Engine:EMS scan for process: svchost pid: 7308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.473Z Engine:EMS scan for process: svchost pid: 9652, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.473Z Bm signature throttled:0x000019b3378537b0
2021-12-16T12:01:12.493Z Engine:EMS scan for process: explorer pid: 15060, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.692Z Engine:EMS scan for process: svchost pid: 15808, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.702Z Engine:EMS scan for process: svchost pid: 11444, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.702Z Bm signature throttled:0x000019b3378537b0
2021-12-16T12:01:12.702Z Engine:EMS scan for process: dllhost pid: 9756, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.703Z Bm signature throttled:0x000019b3378537b0
2021-12-16T12:01:12.704Z Engine:EMS scan for process: svchost pid: 8732, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.706Z Engine:EMS scan for process: svchost pid: 5684, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.707Z Engine:EMS scan for process: svchost pid: 12252, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.736Z Engine:EMS scan for process: svchost pid: 14872, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.739Z Engine:EMS scan for process: svchost pid: 13376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.745Z Engine:EMS scan for process: dllhost pid: 9836, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.747Z Engine:EMS scan for process: dllhost pid: 3248, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.748Z Engine:EMS scan for process: svchost pid: 12884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.749Z Engine:EMS scan for process: svchost pid: 15164, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.753Z Engine:EMS scan for process: svchost pid: 17256, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.761Z Engine:EMS scan for process: svchost pid: 7640, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:01:12.888Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:12.889Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:12.889Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:18.860Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:18.879Z DETECTIONEVENT MPSOURCE_SYSTEM Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:18.880Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{8307B78B-BB6C-4165-8EC9-47D8903B3522}
Scan Source:10
Start Time:12-16-2021 13:01:18
End Time:12-16-2021 13:01:18
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:0309F47D4FDD96E283A53D335977990A
Result Count:2
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
Unknown File
Identifier:6050605033735585790
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:0309F47D4FDD96E283A53D335977990A
Extended Info - SigSeq:0000000000000000
Extended Info - SigSha:da39a3ee5e6b4b0d3255bfef95601890afd80709
End Scan
************************************************************
2021-12-16T12:01:18.880Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4998 milliseconds. 1 detections to be cleaned.
2021-12-16T12:01:18.895Z UnknownTelemetryScan triggered, type: 1 (1 - Unknown, 2- Lofi), flags: 0 (0 - Regular, 1 - MemScan), 1 resources, RtpIoavOnly: FALSE
2021-12-16T12:01:18.902Z [Cloud] SubmitReport(CMpUnknownSpyNetReportContext)
2021-12-16T12:01:18.902Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:01:18.902Z [Cloud] Queued cloud request.
2021-12-16T12:01:18.902Z [Cloud] Dequeued cloud request.
2021-12-16T12:01:18.908Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:01:18.920Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:01:18.920Z [Cloud] End of cloud request.
Internal signature match:subtype=Lowfi, sigseq=0x0000E5E711B2AB39, sigsha=81aa596ffe243ce47b78e77b4f9e92c4e075f336, cached=false, source=0, resourceid=0x59305e1a
2021-12-16T12:01:23.886Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:23.913Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{97E74903-D631-42BC-981D-18B0AA81B76F}
Scan Source:6
Start Time:12-16-2021 13:01:23
End Time:12-16-2021 13:01:23
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:01:23.956Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:01:25.935Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:25.936Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:25.936Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:26.572Z [RtpConfig] Config change detected, type: 32
2021-12-16T12:01:26.572Z Duplicating the current plugin configuration object...
2021-12-16T12:01:26.572Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:01:26.572Z Updating plugin configuration due to recent config changes (0x20) ...
2021-12-16T12:01:26.572Z No config change detected. Not updating plugin configuration.
2021-12-16T12:01:26.572Z No config changes found. No configuration switch.
2021-12-16T12:01:26.572Z RefreshPluginConfiguration completed succesfully. Requested: 0x20, Changed: 0
Begin Resource Scan
Scan ID:{13ED9244-B42B-4F48-AA00-267B4BCB4F40}
Scan Source:6
Start Time:12-16-2021 13:01:23
End Time:12-16-2021 13:01:29
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:01:29.308Z DETECTION_CLEANEVENT MPSOURCE_SYSTEM MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:01:29.311Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:01:29.311Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:01:29.311Z [Cloud] Queued cloud request.
2021-12-16T12:01:29.311Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:01:29
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:01:29
Result:0
2021-12-16T12:01:29.311Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:01:29.319Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:01:29.426Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:01:29.426Z [Cloud] End of cloud request.
2021-12-16T12:01:31.319Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:31.319Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:01:31.320Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:01:32.596Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
2021-12-16T12:01:57.191Z [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build.
2021-12-16T12:01:57.191Z [SFC] System file cache build is not needed (already completed)
2021-12-16T12:02:00.701Z Engine:Triggered AR EMS scan
2021-12-16T12:02:00.704Z Engine:EMS scan for process: lsass pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.715Z Engine:EMS scan for process: svchost pid: 1032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.725Z Engine:EMS scan for process: svchost pid: 1136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.727Z Engine:EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.729Z Engine:EMS scan for process: svchost pid: 1492, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.731Z Engine:EMS scan for process: svchost pid: 1508, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.732Z Engine:EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.736Z Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.737Z Engine:EMS scan for process: svchost pid: 1660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.737Z Engine:EMS scan for process: svchost pid: 1712, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.743Z Engine:EMS scan for process: svchost pid: 1760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.743Z Engine:EMS scan for process: svchost pid: 1852, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.746Z Engine:EMS scan for process: svchost pid: 1984, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.747Z Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.749Z Engine:EMS scan for process: svchost pid: 1736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.750Z Engine:EMS scan for process: svchost pid: 2084, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.751Z Engine:EMS scan for process: svchost pid: 2092, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.753Z Engine:EMS scan for process: svchost pid: 2100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.754Z Engine:EMS scan for process: svchost pid: 2352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.755Z Engine:EMS scan for process: svchost pid: 2364, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.757Z Engine:EMS scan for process: svchost pid: 2416, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.760Z Engine:EMS scan for process: svchost pid: 2424, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.763Z Engine:EMS scan for process: svchost pid: 2432, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.764Z Engine:EMS scan for process: svchost pid: 2548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.765Z Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.772Z Engine:EMS scan for process: svchost pid: 2884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.777Z Engine:EMS scan for process: svchost pid: 2940, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.780Z Engine:EMS scan for process: svchost pid: 3032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.781Z Engine:EMS scan for process: svchost pid: 3040, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.783Z Engine:EMS scan for process: svchost pid: 2504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.786Z Engine:EMS scan for process: svchost pid: 3228, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.789Z Engine:EMS scan for process: svchost pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.790Z Engine:EMS scan for process: svchost pid: 3496, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.793Z Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.797Z Engine:EMS scan for process: svchost pid: 3516, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.798Z Engine:EMS scan for process: svchost pid: 3524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.798Z Engine:EMS scan for process: svchost pid: 3532, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.805Z Engine:EMS scan for process: svchost pid: 3544, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.807Z Engine:EMS scan for process: svchost pid: 3552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.811Z Engine:EMS scan for process: svchost pid: 3560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.815Z Engine:EMS scan for process: svchost pid: 4020, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.818Z Engine:EMS scan for process: svchost pid: 3760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.820Z Engine:EMS scan for process: svchost pid: 4220, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.822Z Engine:EMS scan for process: svchost pid: 5388, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.825Z Engine:EMS scan for process: svchost pid: 5660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.827Z Engine:EMS scan for process: svchost pid: 5360, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.828Z Engine:EMS scan for process: svchost pid: 5308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.831Z Engine:EMS scan for process: svchost pid: 6392, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.838Z Engine:EMS scan for process: svchost pid: 6584, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.844Z Engine:EMS scan for process: svchost pid: 6332, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.845Z Engine:EMS scan for process: svchost pid: 10484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.847Z Engine:EMS scan for process: svchost pid: 11352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.849Z Engine:EMS scan for process: svchost pid: 12904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.850Z Engine:EMS scan for process: svchost pid: 12752, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.852Z Engine:EMS scan for process: svchost pid: 4484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.853Z Engine:EMS scan for process: svchost pid: 8936, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.854Z Engine:EMS scan for process: svchost pid: 11780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.857Z Engine:EMS scan for process: svchost pid: 4136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.862Z Engine:EMS scan for process: svchost pid: 6524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.863Z Engine:EMS scan for process: svchost pid: 7788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.869Z Engine:EMS scan for process: svchost pid: 16160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.870Z Engine:EMS scan for process: svchost pid: 8292, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.874Z Engine:EMS scan for process: svchost pid: 14376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.875Z Engine:EMS scan for process: svchost pid: 7864, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.876Z Engine:EMS scan for process: svchost pid: 7308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.882Z Engine:EMS scan for process: svchost pid: 9652, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.900Z Engine:EMS scan for process: explorer pid: 15060, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:00.997Z Engine:EMS scan for process: svchost pid: 15808, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.005Z Engine:EMS scan for process: svchost pid: 11444, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.005Z Engine:EMS scan for process: dllhost pid: 9756, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.007Z Engine:EMS scan for process: svchost pid: 8732, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.008Z Engine:EMS scan for process: svchost pid: 5684, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.010Z Engine:EMS scan for process: svchost pid: 12252, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.021Z Engine:EMS scan for process: svchost pid: 14872, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.023Z Engine:EMS scan for process: svchost pid: 13376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.027Z Engine:EMS scan for process: dllhost pid: 9836, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.029Z Engine:EMS scan for process: dllhost pid: 3248, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.030Z Engine:EMS scan for process: svchost pid: 12884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.030Z Engine:EMS scan for process: svchost pid: 15164, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:01.033Z Engine:EMS scan for process: svchost pid: 17256, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:02:07.703Z [RtpConfig] Config change detected, type: 32
2021-12-16T12:02:07.703Z Duplicating the current plugin configuration object...
2021-12-16T12:02:07.703Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:02:07.703Z Updating plugin configuration due to recent config changes (0x20) ...
2021-12-16T12:02:07.703Z No config change detected. Not updating plugin configuration.
2021-12-16T12:02:07.703Z No config changes found. No configuration switch.
2021-12-16T12:02:07.703Z RefreshPluginConfiguration completed succesfully. Requested: 0x20, Changed: 0
2021-12-16T12:02:10.957Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:02:15.952Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:15.953Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
2021-12-16T12:02:15.953Z [Mini-filter] Blocked file(#240): \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. Process: \Device\HarddiskVolume3\Windows\explorer.exe, Status: 0x0, State: 16, ScanRequest #13668, FileId: 0x1600000002ad18, Reason: OnOpen, IoStatusBlockForNewFile: 0xffffffff, DesiredAccess:0x120089, FileAttributes:0x20, ScanAttributes:0x0, AccessStateFlags:0x801, BackingFileInfo: 0x0, 0x0, 0x0:0\0x0:0
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:15.979Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{9571843B-D210-410E-9571-3A8188A3C379}
Scan Source:3
Start Time:12-16-2021 13:02:15
End Time:12-16-2021 13:02:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:02:15.992Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:15.993Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:02:15.993Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4959 milliseconds. 1 detections to be cleaned.
2021-12-16T12:02:20.957Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:20.986Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{F028031B-7881-4168-80CE-6390D64C2309}
Scan Source:6
Start Time:12-16-2021 13:02:20
End Time:12-16-2021 13:02:20
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:21.028Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:23.006Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:23.007Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:23.007Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:23.745Z UtilCleanOpen MPSOURCE_USER, cleaning 2 threats, hr = 0x80508023
Begin Resource Scan
Scan ID:{2F3D0EAF-0E9C-4A49-AF6C-F930E9239ACC}
Scan Source:6
Start Time:12-16-2021 13:02:20
End Time:12-16-2021 13:02:26
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:02:26.334Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:26.342Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:02:26.342Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:26.342Z [Cloud] Queued cloud request.
2021-12-16T12:02:26.342Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:02:26
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:02:26
Result:0
2021-12-16T12:02:26.342Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:02:26.350Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:26.521Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:26.521Z [Cloud] End of cloud request.
2021-12-16T12:02:28.357Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:28.357Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:28.357Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:02:33.679Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:33.679Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:33.711Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{17DBEACC-6CE0-4187-9805-103AF53E9D5A}
Scan Source:3
Start Time:12-16-2021 13:02:33
End Time:12-16-2021 13:02:33
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:02:33.724Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:33.725Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:02:33.725Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4954 milliseconds. 1 detections to be cleaned.
2021-12-16T12:02:38.693Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:38.721Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{1C60C566-5E27-4CD9-AE08-24DF34D24633}
Scan Source:6
Start Time:12-16-2021 13:02:38
End Time:12-16-2021 13:02:38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:38.763Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:39.558Z [Mini-Filter] Blocked rename of \Users\vieru\Downloads\Activate-it.exe as it is infected
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:02:39.590Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:39.590Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:39.617Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{FBBBAC29-05C5-422E-9504-3A75281BBB8A}
Scan Source:3
Start Time:12-16-2021 13:02:39
End Time:12-16-2021 13:02:39
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:02:39.631Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:39.631Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:02:40.741Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:40.742Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:40.742Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{08744032-AD56-4B26-B1DB-05F9C49DB6F0}
Scan Source:6
Start Time:12-16-2021 13:02:38
End Time:12-16-2021 13:02:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:02:44.054Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:44.056Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:02:44.056Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:44.056Z [Cloud] Queued cloud request.
2021-12-16T12:02:44.056Z [Cloud] Dequeued cloud request.
2021-12-16T12:02:44.057Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
Beginning threat actions
Start time:12-16-2021 13:02:44
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:02:44
Result:0
2021-12-16T12:02:44.057Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:02:44.057Z [RoutineClean] Routine cleaning timer rescheduled to fire in 533 milliseconds. 1 detections remaining to be cleaned.
2021-12-16T12:02:44.065Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:44.145Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:44.146Z [Cloud] End of cloud request.
2021-12-16T12:02:44.597Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:44.626Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{499CEA53-1290-4BEC-82FA-7D65CECEFDFB}
Scan Source:6
Start Time:12-16-2021 13:02:44
End Time:12-16-2021 13:02:44
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:44.671Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:46.072Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:46.073Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:46.073Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:48.089Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:48.090Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:48.091Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{FAC80C4D-0BDF-4DDC-BCD4-463ABA5460E9}
Scan Source:6
Start Time:12-16-2021 13:02:44
End Time:12-16-2021 13:02:49
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:02:49.888Z DETECTION_CLEANEVENT MPSOURCE_REALTIME MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:49.891Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:02:49.891Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:49.891Z [Cloud] Queued cloud request.
2021-12-16T12:02:49.891Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:02:49
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:02:49
Result:0
2021-12-16T12:02:49.891Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:02:49.899Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:50.277Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:50.277Z [Cloud] End of cloud request.
2021-12-16T12:02:51.907Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:51.907Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:02:51.908Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:02:53.013Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:02:56.379Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:02:56.399Z DETECTIONEVENT MPSOURCE_SYSTEM Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:02:56.400Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
Begin Resource Scan
Scan ID:{3F769B85-EE70-429F-9676-F3F1C98610CA}
Scan Source:10
Start Time:12-16-2021 13:02:56
End Time:12-16-2021 13:02:56
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:6471C5F45A8066BB52850839FE59DB1F
Result Count:2
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
Unknown File
Identifier:8268595517701750782
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:6471C5F45A8066BB52850839FE59DB1F
Extended Info - SigSeq:0000000000000000
Extended Info - SigSha:da39a3ee5e6b4b0d3255bfef95601890afd80709
End Scan
************************************************************
2021-12-16T12:02:56.400Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4998 milliseconds. 1 detections to be cleaned.
2021-12-16T12:02:56.411Z UnknownTelemetryScan triggered, type: 1 (1 - Unknown, 2- Lofi), flags: 0 (0 - Regular, 1 - MemScan), 1 resources, RtpIoavOnly: FALSE
2021-12-16T12:02:56.418Z [Cloud] SubmitReport(CMpUnknownSpyNetReportContext)
2021-12-16T12:02:56.418Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:02:56.418Z [Cloud] Queued cloud request.
2021-12-16T12:02:56.418Z [Cloud] Dequeued cloud request.
2021-12-16T12:02:56.425Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:02:56.453Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:02:56.453Z [Cloud] End of cloud request.
2021-12-16T12:03:01.398Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:03:01.431Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{8579889D-9688-4D26-A48D-F4D38E75B407}
Scan Source:6
Start Time:12-16-2021 13:03:01
End Time:12-16-2021 13:03:01
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:03:01.484Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:03:03.448Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:03:03.448Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:03:03.449Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{61D95EF8-599A-4592-A766-372AB9708BB0}
Scan Source:6
Start Time:12-16-2021 13:03:01
End Time:12-16-2021 13:03:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
FileName:C:\Users\vieru\Downloads\Activate-it.exe
SHA1:9752ab4c2fee84880708ea9f8340ef671f52accb
2021-12-16T12:03:06.989Z DETECTION_CLEANEVENT MPSOURCE_SYSTEM MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:03:06.991Z [Cloud] SubmitReport(CMpSpyNetReportContext - post clean)
2021-12-16T12:03:06.991Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:03:06.991Z [Cloud] Queued cloud request.
2021-12-16T12:03:06.991Z [Cloud] Dequeued cloud request.
Beginning threat actions
Start time:12-16-2021 13:03:06
Threat Name:Trojan:Win32/Wacatac.B!ml
Threat ID:2147735505
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
File to act on SHA1:9752AB4C2FEE84880708EA9F8340EF671F52ACCB
File owner:*******\vieru
Action remove successful on file:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\vieru\Downloads\Activate-it.exe
Threat ID:2147735505
Resource refcount:1
Result:0
Finished threat ID:2147735505
Threat result:0
Threat status flags:0
Threat Effective RemovalPolicy:128
Finished threat actions
End time:12-16-2021 13:03:06
Result:0
2021-12-16T12:03:06.992Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:03:07.000Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:03:07.103Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:03:07.103Z [Cloud] End of cloud request.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=false, source=2, resourceid=0xd18e4c35
2021-12-16T12:03:09.001Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:03:09.002Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:03:09.002Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=false, source=0, resourceid=0xc58ebe84
2021-12-16T12:03:31.777Z UtilCleanOpen MPSOURCE_USER, cleaning 1 threats, hr = 0x80508023
Internal signature match:subtype=Lowfi, sigseq=0x0000D1781D549931, sigsha=2807f46942e428cf0f18f775612fd12bcb2f3f68, cached=false, source=2, resourceid=0x8f3af6b8
2021-12-16T12:03:47.148Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:03:47.149Z [Mini-filter] Injection into process 3980 from process 5996 is BLOCKED.
2021-12-16T12:05:47.630Z [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build.
2021-12-16T12:05:47.630Z [SFC] System file cache build is not needed (already completed)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=true, source=0, resourceid=0x6e54f7cb
Internal signature match:subtype=Lowfi, sigseq=0x0000157E57D754FD, sigsha=fa916f6b5489a0a412a116b150394d7d0bbe4253, cached=false, source=0, resourceid=0xc58ebe84
2021-12-16T12:05:51.628Z Engine:Triggered AR EMS scan
2021-12-16T12:05:51.631Z Engine:EMS scan for process: lsass pid: 1016, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.642Z Engine:EMS scan for process: svchost pid: 1032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.653Z Engine:EMS scan for process: svchost pid: 1136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.655Z Engine:EMS scan for process: svchost pid: 1176, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.656Z Engine:EMS scan for process: svchost pid: 1492, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.659Z Engine:EMS scan for process: svchost pid: 1508, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.660Z Engine:EMS scan for process: svchost pid: 1560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.663Z Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.664Z Engine:EMS scan for process: svchost pid: 1660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.665Z Engine:EMS scan for process: svchost pid: 1712, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.670Z Engine:EMS scan for process: svchost pid: 1760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.671Z Engine:EMS scan for process: svchost pid: 1852, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.674Z Engine:EMS scan for process: svchost pid: 1984, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.675Z Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.676Z Engine:EMS scan for process: svchost pid: 1736, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.677Z Engine:EMS scan for process: svchost pid: 2084, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.678Z Engine:EMS scan for process: svchost pid: 2092, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.680Z Engine:EMS scan for process: svchost pid: 2100, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.681Z Engine:EMS scan for process: svchost pid: 2352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.683Z Engine:EMS scan for process: svchost pid: 2364, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.684Z Engine:EMS scan for process: svchost pid: 2416, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.687Z Engine:EMS scan for process: svchost pid: 2424, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.690Z Engine:EMS scan for process: svchost pid: 2432, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.691Z Engine:EMS scan for process: svchost pid: 2548, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.692Z Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.698Z Engine:EMS scan for process: svchost pid: 2884, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.703Z Engine:EMS scan for process: svchost pid: 2940, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.706Z Engine:EMS scan for process: svchost pid: 3032, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.707Z Engine:EMS scan for process: svchost pid: 3040, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.709Z Engine:EMS scan for process: svchost pid: 2504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.712Z Engine:EMS scan for process: svchost pid: 3228, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.715Z Engine:EMS scan for process: svchost pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.716Z Engine:EMS scan for process: svchost pid: 3496, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.718Z Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.721Z Engine:EMS scan for process: svchost pid: 3516, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.722Z Engine:EMS scan for process: svchost pid: 3524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.723Z Engine:EMS scan for process: svchost pid: 3532, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.728Z Engine:EMS scan for process: svchost pid: 3544, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.730Z Engine:EMS scan for process: svchost pid: 3552, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.734Z Engine:EMS scan for process: svchost pid: 3560, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.739Z Engine:EMS scan for process: svchost pid: 4020, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.741Z Engine:EMS scan for process: svchost pid: 3760, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.744Z Engine:EMS scan for process: svchost pid: 4220, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.746Z Engine:EMS scan for process: svchost pid: 5388, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.749Z Engine:EMS scan for process: svchost pid: 5660, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.751Z Engine:EMS scan for process: svchost pid: 5360, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.752Z Engine:EMS scan for process: svchost pid: 5308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.754Z Engine:EMS scan for process: svchost pid: 6392, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.761Z Engine:EMS scan for process: svchost pid: 6584, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.767Z Engine:EMS scan for process: svchost pid: 6332, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.768Z Engine:EMS scan for process: svchost pid: 10484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.770Z Engine:EMS scan for process: svchost pid: 11352, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.772Z Engine:EMS scan for process: svchost pid: 12904, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.774Z Engine:EMS scan for process: svchost pid: 12752, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.775Z Engine:EMS scan for process: svchost pid: 4484, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.776Z Engine:EMS scan for process: svchost pid: 8936, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.778Z Engine:EMS scan for process: svchost pid: 11780, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.781Z Engine:EMS scan for process: svchost pid: 4136, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.786Z Engine:EMS scan for process: svchost pid: 6524, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.788Z Engine:EMS scan for process: svchost pid: 7788, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.791Z Engine:EMS scan for process: svchost pid: 16160, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.792Z Engine:EMS scan for process: svchost pid: 8292, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.796Z Engine:EMS scan for process: svchost pid: 14376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.797Z Engine:EMS scan for process: svchost pid: 7864, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.798Z Engine:EMS scan for process: svchost pid: 7308, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.804Z Engine:EMS scan for process: svchost pid: 9652, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.823Z Engine:EMS scan for process: explorer pid: 15060, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.920Z Engine:EMS scan for process: svchost pid: 15808, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.928Z Engine:EMS scan for process: svchost pid: 11444, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.929Z Engine:EMS scan for process: dllhost pid: 9756, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.930Z Engine:EMS scan for process: svchost pid: 8732, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.932Z Engine:EMS scan for process: svchost pid: 5684, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.933Z Engine:EMS scan for process: svchost pid: 12252, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.945Z Engine:EMS scan for process: svchost pid: 14872, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.947Z Engine:EMS scan for process: svchost pid: 13376, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.951Z Engine:EMS scan for process: dllhost pid: 9836, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:05:51.952Z Engine:EMS scan for process: dllhost pid: 3248, sigseq: 0x0, sendMemoryScanReport: 0, source: 2
2021-12-16T12:06:02.967Z [RtpConfig] Config change detected, type: 32
2021-12-16T12:06:02.967Z Duplicating the current plugin configuration object...
2021-12-16T12:06:02.967Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:06:02.967Z Updating plugin configuration due to recent config changes (0x20) ...
2021-12-16T12:06:02.967Z No config change detected. Not updating plugin configuration.
2021-12-16T12:06:02.967Z No config changes found. No configuration switch.
2021-12-16T12:06:02.967Z RefreshPluginConfiguration completed succesfully. Requested: 0x20, Changed: 0
2021-12-16T12:06:17.819Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:06:17.820Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:06:17.820Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:09:32.828Z [EmergencySigManager] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config or paid network)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=2, resourceid=0xa5a20f8d
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1104DD1B, sigsha=604d589694ea894637aec1e949960ff3ee003f79, cached=true, source=2, resourceid=0xa5a20f8d
2021-12-16T12:13:27.712Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:13:27.712Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:13:27.741Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{ABE51D66-C2AA-4CC1-BC87-FC02774676E2}
Scan Source:3
Start Time:12-16-2021 13:13:27
End Time:12-16-2021 13:13:27
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
2021-12-16T12:13:27.756Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:13:27.756Z DETECTION_ADD#1 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe
2021-12-16T12:13:27.756Z [RoutineClean] New detection added. Routine cleaning timer scheduled to fire in 4956 milliseconds. 1 detections to be cleaned.
2021-12-16T12:13:32.724Z [RoutineClean] Cleaning 1 detections
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:13:32.751Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
Begin Resource Scan
Scan ID:{969B7C23-6955-4EEB-89F3-CB3FA987C925}
Scan Source:6
Start Time:12-16-2021 13:13:32
End Time:12-16-2021 13:13:32
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Result Count:1
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Extended Info - SigSeq:000026671bce5233
Extended Info - SigSha:0734c1fae7685a7f814060197ba2a4f4d417b35c
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157E0F7E00B4, sigsha=a6f6abc1ecb11e238fbd262f4d13d3daa02dbe1b, cached=true, source=0, resourceid=0x4c03b223
2021-12-16T12:13:32.795Z FP supression checks:CheckTrusted=true (Sigseq=0x26671bce5233), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)
2021-12-16T12:13:34.773Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:34.774Z IWscAVStatus4: 1, 1, 1. hr = 0x0
2021-12-16T12:13:34.774Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:40.018Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:13:40.018Z [Mini-filter] Injection into process 3980 from process 5996 is BLOCKED.
2021-12-16T12:13:40.229Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:13:40.229Z [Mini-filter] Injection into process 3980 from process 5996 is BLOCKED.
2021-12-16T12:13:41.439Z Task(GetDeviceTicket -AccessKey C3EACF32-2F7B-5980-FCDE-BA40FA16784F ) launched as network service
2021-12-16T12:13:41.468Z [Cloud] SubmitReport(CMpHeartbeatSpyNetReportContext - Force), ShouldSendEvenOnPaidNetworks: 1
2021-12-16T12:13:41.468Z [Cloud] Start of cloud request. Passive mode: 0
2021-12-16T12:13:41.468Z [Cloud] Queued cloud request.
2021-12-16T12:13:41.468Z [Cloud] Dequeued cloud request.
2021-12-16T12:13:41.469Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0
2021-12-16T12:13:41.478Z [Mini-filter] Denied access to file: \ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.479Z [Mini-filter] Denied access to file: \ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.527Z [Mini-filter] Denied access to file: \Program Files\Windows Defender\MpCmdRun.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.675Z [Cloud] MpEngineParseSpyNetResponse(). hr = 0
2021-12-16T12:13:41.676Z [Cloud] End of cloud request.
2021-12-16T12:13:41.680Z WDDisable called. Sense: 0, SmartLocker: 0, PassiveModePolicy: 0.
2021-12-16T12:13:41.680Z WDDisable: setting DisableAS to 1 ...
2021-12-16T12:13:41.680Z WDDisable: setting DisableAV to 1 ...
2021-12-16T12:13:42.191Z Product needs to be disabled.
2021-12-16T12:13:42.191Z RTP suspended.
2021-12-16T12:13:42.191Z [Service] Disabling IOAV/IEV/ShellExt/EtwLogger registrations ...
2021-12-16T12:13:42.191Z [Service] Enabling AutoLoggers ...
2021-12-16T12:13:42.192Z DefenderApiLogger config verified (1) - no change needed.
2021-12-16T12:13:42.192Z [Service] Disabling AMSI registration ...
2021-12-16T12:13:42.192Z [Service] Leaving EnableIOAVWorker(0, 1) with hr = 0
2021-12-16T12:13:42.192Z Removing scheduled tasks...
2021-12-16T12:13:42.201Z Disabling service ...
2021-12-16T12:13:42.203Z Task(-DisableService) launched as PPL process
2021-12-16T12:13:42.205Z [RtpConfig] Config change detected, type: 1024
2021-12-16T12:13:42.205Z Duplicating the current plugin configuration object...
2021-12-16T12:13:42.205Z CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ...
2021-12-16T12:13:42.205Z Updating plugin configuration due to recent config changes (0x400) ...
2021-12-16T12:13:42.205Z No config change detected. Not updating plugin configuration.
2021-12-16T12:13:42.205Z No config changes found. No configuration switch.
2021-12-16T12:13:42.205Z RefreshPluginConfiguration completed succesfully. Requested: 0x400, Changed: 0
2021-12-16T12:13:42.228Z Service stop requested (ServiceError: 0). Calling CleanupMpService ...
2021-12-16T12:13:42.231Z Shutdowning WscLib, update=1, snooze=0
2021-12-16T12:13:42.235Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:42.236Z IWscAVStatus4: 1, 2, 1. hr = 0x0
2021-12-16T12:13:42.237Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2021-12-16T12:13:42.237Z On demand scan closed without completion. Current scan state: 1. ScanSource: 6, Scan flags:0x10050004. NumberOfResources:1. bRemoveFromList:1
2021-12-16T12:13:42.345Z [RoutineClean] Routine cleaning completed successfully on 1 detections.
2021-12-16T12:13:42.345Z [RbM] Rollback manager shutdown called.
2021-12-16T12:13:42.345Z [RbM] Rollback manager shutdown complete.
2021-12-16T12:13:42.345Z [RbM] Entering CMpRollbackManager::BlockedVersionsPlatformConfigCallback.
2021-12-16T12:13:42.345Z [RbM] CMpRollbackManager::BlockedVersionsPlatformConfigCallback cannot continue, m_fShutdown == TRUE.
2021-12-16T12:13:42.345Z |
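The log above contains four things worth pulling out when you triage an MPLog like this one: the real-time VFZ block and the repeated scan results for Activate-it.exe (Trojan:Win32/Wacatac.B!ml), the DETECTION_CLEANEVENT showing the quarantine, the [Mini-filter] lines showing PID 5996 (MBAMService.exe) being denied access to Defender's own binaries and having injections blocked, and finally the WDDisable / RTP suspended sequence in which Defender stops itself. The script below is an added example, not code from the poster or from Microsoft: it parses those line formats into a timeline and cross-checks them. SAMPLE_LOG is a constructed subset of lines in the same format as the post, and the regexes are written against exactly those formats, so treat them as assumptions that may need adjusting for other platform versions.

```python
"""Timeline extraction from a Microsoft Defender MPLog excerpt.

Added example (not from the forum post or from Microsoft). The regexes target the
line formats visible in the post; SAMPLE_LOG is a constructed subset of such lines.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the same format as the posted MPLog.
SAMPLE_LOG = r"""
2021-12-16T11:59:45.407Z [MpRtp] Engine VFZ block: \Device\HarddiskVolume3\Users\vieru\Downloads\Activate-it.exe. status=0x8070022, statusex=0x102, threatid=0x8003d7d1, sigseq=0x26671bce5233
Begin Resource Scan
Scan ID:{8579889D-9688-4D26-A48D-F4D38E75B407}
Scan Source:6
Start Time:12-16-2021 13:03:01
Resource Path:C:\Users\vieru\Downloads\Activate-it.exe
Threat Name:Trojan:Win32/Wacatac.B!ml
ID:2147735505
Severity:5
End Scan
2021-12-16T12:03:06.989Z DETECTION_CLEANEVENT MPSOURCE_SYSTEM MP_THREAT_ACTION_QUARANTINE 0 Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:03:47.148Z [Mini-filter] Injection into process 1432 from process 5996 is BLOCKED.
2021-12-16T12:13:27.756Z DETECTIONEVENT MPSOURCE_REALTIME Trojan:Win32/Wacatac.B!ml file:C:\Users\vieru\Downloads\Activate-it.exe;
2021-12-16T12:13:41.478Z [Mini-filter] Denied access to file: \ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe, from process '\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe' (PID: 5996)
2021-12-16T12:13:41.680Z WDDisable called. Sense: 0, SmartLocker: 0, PassiveModePolicy: 0.
2021-12-16T12:13:42.191Z RTP suspended.
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z) "
LINE_PATTERNS = {
    "vfz_block": re.compile(TS + r"\[MpRtp\] Engine VFZ block: (?P<path>.+?)\. status=(?P<status>0x[0-9a-f]+), .*threatid=(?P<threatid>0x[0-9a-f]+)"),
    "detection": re.compile(TS + r"DETECTIONEVENT (?P<source>\S+) (?P<threat>\S+) file:(?P<path>[^;]+);"),
    "clean": re.compile(TS + r"DETECTION_CLEANEVENT (?P<source>\S+) (?P<action>MP_THREAT_ACTION_\w+) \d+ (?P<threat>\S+) file:(?P<path>[^;]+);"),
    "injection_blocked": re.compile(TS + r"\[Mini-filter\] Injection into process (?P<target_pid>\d+) from process (?P<pid>\d+) is BLOCKED"),
    "access_denied": re.compile(TS + r"\[Mini-filter\] Denied access to file: (?P<target>.+?), from process '(?P<process>.+?)' \(PID: (?P<pid>\d+)\)"),
    "wddisable": re.compile(TS + r"WDDisable called\. Sense: (?P<sense>\d+), SmartLocker: (?P<smartlocker>\d+), PassiveModePolicy: (?P<passive>\d+)"),
    "rtp_suspended": re.compile(TS + r"RTP suspended\."),
}


@dataclass
class Event:
    ts: str      # UTC "Z" timestamp for single lines; local "Start Time" for scan blocks
    kind: str
    fields: dict


def parse_mplog(text):
    """Turn MPLog text into Event objects. 'Begin Resource Scan' .. 'End Scan' blocks are
    multi-line key:value records (note: their times are local, unlike the Z-suffixed lines)."""
    events, scan = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Begin Resource Scan":
            scan = {}
            continue
        if scan is not None:
            if line == "End Scan":
                events.append(Event(scan.get("Start Time", ""), "resource_scan", scan))
                scan = None
            elif ":" in line:  # first colon splits key from value ("Threat Name:Trojan:Win32/...")
                key, _, value = line.partition(":")
                scan[key.strip()] = value.strip()
            continue
        for kind, pattern in LINE_PATTERNS.items():
            m = pattern.match(line)
            if m:
                fields = m.groupdict()
                events.append(Event(fields.pop("ts"), kind, fields))
                break
    return events


def summarize(events):
    """Reduce the events to what an analyst asks first: what was detected, what happened to
    it, which process was fighting the engine, and whether Defender switched itself off."""
    summary = {
        "threats": {},            # threat name -> decimal threat ID from scan blocks
        "vfz_threat_ids": set(),  # threat IDs from real-time VFZ blocks, decoded from hex
        "quarantined": [],        # (timestamp, threat name, path)
        "interfering_pids": {},   # pid -> Defender files it was denied access to
        "injection_sources": set(),
        "defender_disabled_at": None,
    }
    for ev in events:
        f = ev.fields
        if ev.kind == "resource_scan" and f.get("Threat Name"):
            summary["threats"][f["Threat Name"]] = int(f["ID"])
        elif ev.kind == "vfz_block":
            summary["vfz_threat_ids"].add(int(f["threatid"], 16))
        elif ev.kind == "clean" and f["action"] == "MP_THREAT_ACTION_QUARANTINE":
            summary["quarantined"].append((ev.ts, f["threat"], f["path"]))
        elif ev.kind == "access_denied":
            summary["interfering_pids"].setdefault(int(f["pid"]), set()).add(f["target"])
        elif ev.kind == "injection_blocked":
            summary["injection_sources"].add(int(f["pid"]))
        elif ev.kind == "wddisable":
            summary["defender_disabled_at"] = ev.ts
    return summary


def threat_ids_consistent(summary):
    """The hex threatid on a VFZ line and the decimal ID in a scan block name the same threat."""
    return summary["vfz_threat_ids"] <= set(summary["threats"].values())


if __name__ == "__main__":
    s = summarize(parse_mplog(SAMPLE_LOG))
    for key, value in s.items():
        print(f"{key}: {value}")
    print("threat IDs consistent:", threat_ids_consistent(s))
```

Two details are worth knowing when reading the original log with this in hand. The `threatid=0x8003d7d1` on the VFZ line and the `ID:2147735505` in the scan blocks are the same number in hex and decimal, so they can be correlated directly. And the scan-block `Start Time` values are local time (13:03:01) while the prefixed lines are UTC (12:03:01Z), which matters when lining this log up with FRST output or Windows event logs.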