Nazwa dziennika:Application
Źródło: HitmanPro.Alert
Data: 16.07.2016 22:39:26
Identyfikator zdarzenia:911
Kategoria zadania:(9)
Poziom: Błędy
Słowa kluczowe:Klasyczny
Użytkownik: Nie dotyczy
Komputer: idea-PCZ-580
Opis:
Mitigation Lockdown
Platform 10.0.10586/x64 06_3a
PID 3840
Application C:\Users\j\AppData\Local\Temp\Rar$EXa0.250\EnpassSetup-5.2.1.exe
Filename C:\Users\j\AppData\Local\Temp\Rar$EXa0.250\EnpassSetup-5.2.1.exe
Created By C:\Program Files\WinRAR\WinRAR.exe
Process Trace
1 C:\Users\j\AppData\Local\Temp\Rar$EXa0.250\EnpassSetup-5.2.1.exe [3840]
2 C:\Program Files\WinRAR\WinRAR.exe [11056]
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\j\AppData\Local\Temp\Update-ee281bac-bcd4-4549-8ed8-2900a53bb6f1\EnpassPackage-5.2.1.zip"
3 C:\Program Files (x86)\Enpass\Enpass.exe [7608]
"C:\Program Files (x86)\Enpass\Enpass.exe" startWithTray
4 C:\Windows\explorer.exe [6192]
5 C:\Windows\System32\userinit.exe [2284]
6 C:\Windows\System32\winlogon.exe [5276]
winlogon.exe
7 C:\Windows\System32\smss.exe [3160]
\SystemRoot\System32\smss.exe 000000ec 00000074
Kod XML zdarzenia:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="HitmanPro.Alert" />
<EventID Qualifiers="0">911</EventID>
<Level>2</Level>
<Task>9</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-07-16T20:39:26.725800700Z" />
<EventRecordID>29146</EventRecordID>
<Channel>Application</Channel>
<Computer>idea-PCZ-580</Computer>
<Security />
</System>
<EventData>
<Data>C:\Users\j\AppData\Local\Temp\Rar$EXa0.250\EnpassSetup-5.2.1.exe</Data>
<Data>Lockdown</Data>
<Data>Mitigation Lockdown
Platform 10.0.10586/x64 06_3a
PID 3840
Application C:\Users\j\AppData\Local\Temp\Rar$EXa0.250\EnpassSetup-5.2.1.exe
Filename C:\Users\j\AppData\Local\Temp\Rar$EXa0.250\EnpassSetup-5.2.1.exe
Created By C:\Program Files\WinRAR\WinRAR.exe
Process Trace
1 C:\Users\j\AppData\Local\Temp\Rar$EXa0.250\EnpassSetup-5.2.1.exe [3840]
2 C:\Program Files\WinRAR\WinRAR.exe [11056]
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\j\AppData\Local\Temp\Update-ee281bac-bcd4-4549-8ed8-2900a53bb6f1\EnpassPackage-5.2.1.zip"
3 C:\Program Files (x86)\Enpass\Enpass.exe [7608]
"C:\Program Files (x86)\Enpass\Enpass.exe" startWithTray
4 C:\Windows\explorer.exe [6192]
5 C:\Windows\System32\userinit.exe [2284]
6 C:\Windows\System32\winlogon.exe [5276]
winlogon.exe
7 C:\Windows\System32\smss.exe [3160]
\SystemRoot\System32\smss.exe 000000ec 00000074
</Data>
</EventData>
</Event>