DonatShell
Server IP : 180.180.241.3  /  Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Program Files (x86)/Sophos/Sophos Anti-Virus/

current_dir [ Writeable ] document_root [ Writeable ]

 


Current File : /Program Files (x86)/Sophos/Sophos Anti-Virus/Instrumentation.dll
MZ@	!L!This program cannot be run in DOS mode.

$ǀǀǀ&ǀǀ&ǀRichǀPEL ]!0&@ 	@T.rdata@@.rsrc	 
@@ ]KTT ] ]
TRSDS9LF@Zgc:\Build\build\symbols\Release\Instrumentation.pdbGCTLT.rdataT.rdata$zzzdbg P.rsrc$01P!.rsrc$0200H`x				 L!:>A&H
WEVT_TEMPLATECRIM81xwIl06aA$WEVT<,l @CHAN\(dDSophos-AntiVirus-Perf/OnAccess<Sophos-AntiVirus-Perf/Scan8Sophos-AntiVirus-Perf/WebXSophos-AntiVirus-Perf/BehaviourIntercept<Sophos-AntiVirus-Perf/CachePSophos-AntiVirus-Perf/JournalTracker<Sophos_AntiVirus-Perf/CommsLSophos-AntiVirus-Perf/ProcessFilterMAPSXVMAPLtVMAP<8	
VMAP4
VMAP$<savperf_ThreatDetectionType(savperf_decision8savperf_filtering_reasonXsavperf_per_process_event_filtering_levelTTBLCTEMPJ%]ÖG%TD	EventDataA3oDataKNamedata
dataTEMPP`EFlzP}rHD	EventDataAUoData=KNamecheckfilemilliseconds
ACoData+KNamemilliseconds
A;oData#KNamedecision
A?oData'KName
returncode
X0checkfilemilliseconds millisecondsdecisionreturncodeTEMP
sYl8D	EventDataACoData+KNamemilliseconds
AAoData)KNameprocessName
A7oDataKNameaction
A9oData!KNamekeyName
A=oData%KName	valueName
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

@`|
 millisecondsprocessNameactionkeyNamevalueNameprocessIdthreadIdtimeStampTEMPt&Ҏuå7(<D	EventDataACoData+KNamemilliseconds
AAoData)KNameprocessname
A7oDataKNameaction
A9oData!KNamekeyname
AAoData)KNamecreateflags
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

4Pdx
 millisecondsprocessnameactionkeynamecreateflagsprocessIdthreadIdtimeStampTEMP

uPh9\I	>FUD	EventDataACoData+KNamemilliseconds
AMoData5KNameparentprocessname
A7oDataKNameaction
AKoData3KNamechildprocessname
AAoData)KNamecreateflags
A=oData%KName	processId
AIoData1KNameparentProcessId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AAoData)KNamecommandLine
	(Pl
 milliseconds(parentprocessnameaction(childprocessnamecreateflagsprocessId$parentProcessIdthreadIdtimeStampcommandLineTEMPh !̖rXVe#D	EventDataACoData+KNamemilliseconds
AAoData)KNameprocessname
A7oDataKNameaction
A;oData#KNamefilename
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

,
D millisecondsprocessnameactionfilenameprocessIdthreadIdtimeStampTEMPhVi$&<'^*`D	EventDataACoData+KNamemilliseconds
A9oData!KNameprocess
A7oDataKNameaction
AEoData-KName
targetprocess
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

4H\|
 millisecondsprocessaction targetprocessprocessIdthreadIdtimeStampTEMP`		\W\IVoI7D	EventDataACoData+KNamemilliseconds
AAoData)KNameprocessname
A7oDataKNameaction
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AIoData1KNametargetProcessId
AEoData-KName
desiredAccess
A5oDataKNameflags
8Xt
  millisecondsprocessnameactionprocessIdthreadIdtimeStamp$targetProcessId desiredAccessflagsTEMPD!so.nD	EventDataACoData+KNamemilliseconds
AAoData)KNameprocessname
A7oDataKNameaction
!!! millisecondsprocessnameactionTEMP"bBMEJ`D	EventDataA1oDataKNameurl
A9oData!KNamelendata
""urllendataTEMPx#nSjNQdD	EventDataACoData+KNamemilliseconds
# millisecondsTEMPx$HKb4=nD	EventDataA3oDataKNamepass
A=oData%KName	sweeptime
$$passsweeptimeTEMP%TzX1½_*D	EventDataA;oData#KNamefilename
AAoData)KNameprocessname
A;oData#KNamescantype
 &8&T&filenameprocessnamescantypeTEMPt(xai~!o,BD	EventDataACoData+KNamemicroseconds

A;oData#KNamedecision
A?oData'KName
returncode
A;oData#KNamefilename
AAoData)KNameprocessName
A;oData#KNamescanType
A=oData%KName	processID


()XH)`)|)))) microsecondsdecisionreturncodefilenameprocessNamescanTypeprocessIDTEMPL,wFX5
7h]_H8D	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessName
A7oDataKNameaction
A9oData!KNamekeyName
A=oData%KName	valueName
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp



,-(-<-P-h--
- microsecondsprocessNameactionkeyNamevalueNameprocessIdthreadIdtimeStampTEMP 0~%"&{<D	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction
A9oData!KNamekeyname
AAoData)KNamecreateflags
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp



0001$1@1X1
p1 microsecondsprocessnameactionkeynamecreateflagsprocessIdthreadIdtimeStampTEMP

4!zSёT{V
D	EventDataACoData+KNamemicroseconds

AMoData5KNameparentprocessname
A7oDataKNameaction
AKoData3KNamechildprocessname
AAoData)KNamecreateflags
A=oData%KName	processId
AIoData1KNameparentProcessId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AAoData)KNamecommandLine
	

x55555606T6
l66 microseconds(parentprocessnameaction(childprocessnamecreateflagsprocessId$parentProcessIdthreadIdtimeStampcommandLineTEMPh8S.`7m[O6D	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction
A;oData#KNamefilename
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp



X9x99999
9 microsecondsprocessnameactionfilenameprocessIdthreadIdtimeStampTEMPh4<!JEu^^nvD	EventDataACoData+KNamemicroseconds

A9oData!KNameprocess
A7oDataKNameaction
AEoData-KName
targetprocess
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp



<<<=(=@=
X= microsecondsprocessaction targetprocessprocessIdthreadIdtimeStampTEMP`		0@U9hRD	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AIoData1KNametargetProcessId
AEoData-KName
desiredAccess
A5oDataKNameflags


@A A4ALA
dA|AAA microsecondsprocessnameactionprocessIdthreadIdtimeStamp$targetProcessId desiredAccessflagsTEMPBM5V`@D	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction


,CLChC microsecondsprocessnameactionTEMPDW2?jɶdD	EventDataACoData+KNamemicroseconds



(D microsecondsTEMP<$E.
ibKD	EventDataACoData+KNamemicroseconds

A;oData#KNameitemName


LElE microsecondsitemNameTEMPFg-?sVND	EventDataA;oData#KNamemisstype
A9oData!KNamecurrent
A=oData%KName	alternate
A7oDataKNamecookie
(G@GTGlGmisstypecurrentalternatecookieTEMP4XHj+3cRD	EventDataA;oData#KNamefilename
A?oData'KName
volumename
HHfilenamevolumenameTEMPJcZp墶1#G?D	EventDataA?oData'KName
volumename
AGoData/KNamevolumedispname
A5oDataKNameflags
A7oDataKNameserial
A7oDataKNamefstype
A9oData!KNamerunning

K$KHKXKlK

Kvolumename$volumedispnameflagsserialfstyperunningTEMP4lLt@S{ZJBOD	EventDataACoData+KNamemilliseconds
A7oDataKNamenewkey
LL millisecondsnewkeyTEMP$M}}dYomD	EventDataACoData+KNamemilliseconds
A/oDataKNameok

M

M millisecondsokTEMPNnSjNQdD	EventDataACoData+KNamemilliseconds
N millisecondsTEMP4O;'rxcD	EventDataACoData+KNamemicroseconds

A7oDataKNamenewkey


OO microsecondsnewkeyTEMP$P;)`+SdQ	3D	EventDataACoData+KNamemicroseconds

A/oDataKNameok



P

Q microsecondsokTEMPQW2?jɶdD	EventDataACoData+KNamemicroseconds



Q microsecondsTEMP$R/g p}Q{D	EventDataA7oDataKNamevolume
A=oData%KName	cachetext
RRvolumecachetextTEMPS*D;{E8q^:D	EventDataA1oDataKNamevol
A1oDataKNamewhy
SSvolwhyTEMPxUyko~n O5D	EventDataA9oData!KNamevolumen
A5oDataKNamemajor
A5oDataKNameminor
DUXUhUvolumenmajorminorTEMPVēWҋ\]D^D	EventDataA=oData%KName	errorcode
 VerrorcodeTEMPV
Bo̩&]"`RD	EventDataA1oDataKNameerr
VerrTEMP DXE|PSs*60D	EventDataACoData+KNamemicroseconds

A=oData%KName	proc_path
A;oData#KNamefunction
A?oData'KName
returncode


XXXX microsecondsproc_pathfunctionreturncodeTEMPZ4գ8Z*g3
=(D	EventDataACoData+KNamemicroseconds

A;oData#KNamelocation
A5oDataKNameflags


TZtZZ microsecondslocationflagsTEMP[}'AjR1 D	EventDataACoData+KNamemicroseconds

A1oDataKNameurl
A3oDataKNamepath
A7oDataKNamereturn


4\T\`\p\ microsecondsurlpathreturnTEMP$T]%:+D	EventDataACoData+KNamemicroseconds

A1oDataKNameres



|]

] microsecondsresTEMP0^ kD9TD	EventDataA3oDataKNamedata
D^dataTEMP,(_=^_y`fD	EventDataACoData+KNamemicroseconds

A3oDataKNamedata


P_p_ microsecondsdataTEMP`wT*عgnvXD	EventDataACoData+KNamemicroseconds

A1oDataKNamePID
A3oDataKNamepath


``` microsecondsPIDpathTEMP$aV{١X<$D	EventDataACoData+KNamemicroseconds

A1oDataKNamePID


ab microsecondsPIDTEMP`cGEʿLAbn$D	EventDataACoData+KNamemicroseconds

A1oDataKNameres

A-oDataKNamea
A-oDataKNameb


c

ccc microsecondsresabTEMPdRg<>#,]hD	EventDataACoData+KNamemicroseconds

A3oDataKNamepath
A7oDataKNameextent


8eXehe microsecondspathextentTEMPf0Н!#o.D	EventDataACoData+KNamemicroseconds

A3oDataKNamepath
A9oData!KNamekeyname


fff microsecondspathkeynameTEMP`h>bVndn~D	EventDataACoData+KNamemicroseconds

A3oDataKNamepath
A5oDataKNamegenes
A;oData#KNamegenesout


hhhh microsecondspathgenesgenesoutTEMPX ko5h&h[D	EventDataA?oData'KName
ThreatName
AGoData/KNamethreatLocation
A?oData'KName
threatType
AAoData)KNamesafestoreID
AUoData=KNamerebootNeededToResolve

AEoData-KName
cleanupFailed

kkkk

l

@lThreatName$threatLocationthreatTypesafestoreID0rebootNeededToResolve cleanupFailedTEMP48m+}2<Ҝj%bD	EventDataA;oData#KNamefilename
A?oData'KName
tries_left
`mxmfilenametries_leftTEMPn (yqjJD	EventDataA;oData#KNamefilename
A?oData'KName
num_queued
A?oData'KName
check_type
no ofilenamenum_queuedcheck_typeTEMPpQ(S\JA-~2*D	EventDataA;oData#KNamefilename
AAoData)KNameprocessName
A;oData#KNamescanType
A=oData%KName	processID
pq q8qfilenameprocessNamescanTypeprocessIDTEMPq+?״},^yk\D	EventDataA;oData#KNamefilename
qfilenameTEMPr+?״},^yk\D	EventDataA;oData#KNamefilename
rfilenameTEMPHuν1;?LD	EventDataACoData+KNamemicroseconds

A;oData#KNamedecision
A?oData'KName
returncode
A;oData#KNamefilename
AAoData)KNameprocessName
A;oData#KNamescanType
A=oData%KName	processID
AIoData1KNamefilteringReason


uXv v<vTvpvvv microsecondsdecisionreturncodefilenameprocessNamescanTypeprocessID$filteringReasonTEMPX		y6-ij萻.D	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessName
A7oDataKNameaction
A9oData!KNamekeyName
A=oData%KName	valueName
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AIoData1KNamefilteringReason


4zTzpzzzzz
zz microsecondsprocessNameactionkeyNamevalueNameprocessIdthreadIdtimeStamp$filteringReasonTEMP`		}/>˗׮vD	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction
A9oData!KNamekeyname
AAoData)KNamecreateflags
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AIoData1KNamefilteringReason


~~~~~(
@X microsecondsprocessnameactionkeynamecreateflagsprocessIdthreadIdtimeStamp$filteringReasonTEMP\jBD	EventDataACoData+KNamemicroseconds

AMoData5KNameparentprocessname
A7oDataKNameaction
AKoData3KNamechildprocessname
AAoData)KNamecreateflags
A=oData%KName	processId
AIoData1KNameparentProcessId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AAoData)KNamecommandLine
	AIoData1KNamefilteringReason


Ѓ,Tp
Ą܄ microseconds(parentprocessnameaction(childprocessnamecreateflagsprocessId$parentProcessIdthreadIdtimeStampcommandLine$filteringReasonTEMPENuѱEn~&>*FD	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction
A;oData#KNamefilename
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AIoData1KNamefilteringReason


8Xt
Ј microsecondsprocessnameactionfilenameprocessIdthreadIdtimeStamp$filteringReasonTEMP4|bON6y:I:D	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction
AIoData1KNamefilteringReason


̊ microsecondsprocessnameaction$filteringReasonTEMP

PׄQwB
D	EventDataACoData+KNamemicroseconds

AAoData)KNameprocessname
A7oDataKNameaction
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AIoData1KNametargetProcessId
AEoData-KName
desiredAccess
A5oDataKNameflags
AIoData1KNamefilteringReason
	

8Th
ԏ microsecondsprocessnameactionprocessIdthreadIdtimeStamp$targetProcessId desiredAccessflags$filteringReasonTEMP/Ep结Ȑb/HD	EventDataACoData+KNamemicroseconds

A9oData!KNameprocess
A7oDataKNameaction
AEoData-KName
targetprocess
A=oData%KName	processId
A;oData#KNamethreadId
A=oData%KName	timeStamp

AIoData1KNamefilteringReason


Ddxē
ܓ microsecondsprocessaction targetprocessprocessIdthreadIdtimeStamp$filteringReasonTEMP''=0uAKD	EventDataA5oDataKNamecount
A5oDataKNamepaths
countpathsTEMP[UFRVD	EventDataA5oDataKNamestate



ȕstateTEMPUitg/SD	EventDataA=oData%KName	processId
A3oDataKNamepath
A7oDataKNameresult
 8HprocessIdpathresultTEMP+?״},^yk\D	EventDataA;oData#KNamefilename
filenameOPCOT080P0h

00

000ę0Й0000040P0|000Ț000,  0Pwin:Infowin:Startwin:StopLogLookupComputeLoadHitMissHipsSkipHipsGoldenNoJournalInvalidate,InvalidateMaliciousError(SkipManualCleanupIgnoreSkipSubfile$TheatDiscovered$ThreatResolved$HealthEventSentSendBeaconLEVLPPPܛPwin:Errorwin:Warning(win:Informationalwin:VerboseTASKppp,p<p`p		p

ppp

p\pppp@pppppp8pXptp  p((pĢ))pInterceptCacheSweep$CacheManagement$HIPSEvaluationOnDemandUpdateData(OnAccessIntercept8OnSetRegKeyValueIntercepDOnCreateOrDeleteRegKeyInterceptHOnCreateOrDeleteProcessIntercept@OnCreateRemoteThreadIntercept,OnModFileIntercept0OnIpConnectIntercept0OnLoadDriverIntercept<OnFileOpenForWriteIntercept@OnOpenProcessHandleIntercept,WebContentIntercept HIPSIntercept WebInterceptICChecksum$ProcessJournalSafestoreBeacon DeferredScan ProcessFilterKEYW<ȣ 	FileRegistryPathChecksumProcessUpdateCleanup$ThreatLifetimeEVNT
$0
<
l&<
r<(`l$̞(m$̞(\$̞(l&$̞(<o$̞(Pq$̞	(	r$̞

4$

)$

v$$(-$({$(
$D
1$D 
|$D$

$|(

6$|0\$`8:$`<($`@$|D6$|L$|T$ $\A$`$d$h6$l$p$Нt6$Н|$Н$p=$@$0,Q<, !0 "< |C<(
@(#`d(
@(HD`d)
@)#`d*
@*8`d22H33H44H55H66H77H88xH99EH::ؘxH;;H<<̘H==8H>>$HF)F$G)G($H)Hؕ$dd8$ee8<ff80gg8ؘxhh8<ii80jj8<kkGllH0mK$mmN$nL<xnnO<xoM<ooQ<pp8$xqq8$rrQ$ss8$tt8$uuQ$vv8$wwS$xx8$yyT$z
z8Hx{
{8H|
|8H}}8V0~~$8$$xU$0x$V$$V$$ Y$@ Z$@,@,Q$-@-$.@.\$/@/Q$0@0Q$1
@1]Hx3
@3]Hx5
@5T^H6@6_x7@7_8@8a9@9a:@:Q$;@;Q$<@<Q$=@=QT>
@>Q`?
@?(b`@@@clA@AT^TB@B|elC@CQTD@DQTE@EQTG@GQTH@HQTI
@IQHJ
@JT^HN NQTO@OQTP PT^TQ QQTR
@Rg`S@ST^$T@TQ$U@UQ$V
@VQHZ@ZT^T\@\0]@]<@0@Q<	 @0Ԝ	 @Q<Ԝ&&0\''Q<\X@X0YY< ZZ$$id(id,d4  8, P P P P P PPPPPPPPPPPPPPPPPPPPPPPP0P0PPPPPPPPP0@00 00000``ppppPAInstrumentationPA2\	00
00
00000 0 0\PP|ppppppPppppp p(p)p(t
4l(*2>`FHdl,p$%P&,1'33x(5E(GJP-NV8.ZZ0\]0(11&'2XZp2|33d44
$59((X9mo9\:
:<D?@Operations to do with files

HOperations to do with registry

@Operations to do with paths

HOperations to do with checksums

HOperations to do with processes

DOperations to do with updates

DOperation to do with cleanup

Events to do with management of threats and tracking there lifetime

Info

Start

Stop

Log

Lookup

Compute

Load

Hit

Miss

Hips

SkipHips

Golden

NoJournal

 Invalidate

0InvalidateMalicious

Error

,SkipManualCleanup

Ignore

 SkipSubfile

LProcess threat discovery lifetime

<Process threat resolution

(HealthEventSent

 SendBeacon

Error

Warning

 Information

Verbose

Intercept

Cache

Sweep

,Cache Management

(HIPS processing

$On Deman Scan

 Data update

On Access

<OnSetRegKeyValueIntercep

HOnCreateOrDeleteRegKeyIntercept

LOnCreateOrDeleteProcessIntercept

DOnCreateRemoteThreadIntercept

0OnModFileIntercept

4OnIpConnectIntercept

4OnLoadDriverIntercept

@OnFileOpenForWriteIntercept

DOnOpenProcessHandleIntercept

0WebContentIntercept

$HIPSIntercept

$WebIntercept

 ICChecksum

(ProcessJournal

Safestore

DSending a notification to SSP

$Deferred scan

(Process filter

0OnAccess Detection

(Engine Scanning

(Web protection

4Behavioiur Monitoring

(Result caching

,Journal Tracking

(Communications

(Process filter

hOnAccess - Checking %1 opened by%2  scantype %3

xOnAccess - Retry deferred scan %1, remaining retries=%2

OnAccess - Adding %1 (check type: %3), current queue size is %2

OnAccess - Unable to queue %1: the deferred scanning queue is full

OnAccess - Deferred check finished (%1)ms, decision (%2) -> %3

XOnAccess - failed to get oplock for %1

`OnAccess - Removing %1 from deferred queue.

OnAccess - Failed to scan %1 deferred after maximum retries

pIntercepted %2 setting registry value %4 %5
T(%1)ms

\Intercepted Create or Delete Registry Key

TIntercepted Create or Delete Process

8Intercept File Modified

HIntercept create remote thread

HIntercepted File Modification


PIntercept a driver had been loaded

`Intercept a file has been opened for write

hIntercepted %2 Opening %7 Process Handle
(%1)us

(Intercept Start

(Intercept Stop

Recieved %2 bytes of data web content to be scanned. URL: %1

DWeb content has been checked

(Sweeping Object

,Resweeping object

pPassing file %1 to be scanned to the virus engine. 

hJournal cache decision - Skip cache (Sub File)

`Journal cache decision - Skip cache (HIPS)

pJournal cache decision - Skip cache (ManualCleanup)

hJournal cache decision - Skip cache (NoJournal)

TJournal cache decision - Ignore Cache

TJournal cache decision - Golden File

DJournal cache decision - Hit

DJournal cache decision - Miss

PJournal cache decision - Exception

hJournal cache decision - Post Skip (No Journal)

pJournal cache decision - Post Invalidate Malicious

\Journal cache decision - Post Invalidate

TJournal cache decision - Post Success

\Process filter set up with %1 paths:%n%2

hProcess filter enabled state has been set to %1

`Process %1 (%2) has been classified as %3.

HSutting down journal tracker %1

<Journal Shutting down %1

<Beginning record flush %1

LError flushing journal records %1

DFinished flushing records %1

@Begin Syncronizing cache %1

HFinished synchronizing cache %1

lJournal Tracker - Invalidaing record for %1 on %2

Starting journal tracker for %1 - %2
Flags %3
Serial No %4
Filesystem %5
isRunning %6

hJournal Tracker - Failed to open the volumr %1

LJournal Tracker - Using cache %1

lJournal Tracker - Using golden cache for %1 - %2

TJournal Tracker - Replacing Cache %1

TJournal Tracker Cache %1 unavailable

hJournal Tracker - Golden cache for %1 unused %2

,Journal Halted %1

lJournal Tracker Filesystem on %1 unsupported - %2

LJournal Tracker - %1 is readonly

Journal Tracker The journal version %2.%3 on %1 is unsupported

@Journal Tracker - Error: %1

@Journal Tracker - Info: %1

@Journal Tracker - Debug: %1

4Journal Info Start %1

@Journal Query Journal Info

TJournal Tracker - No Prerequisites %1

TJournal Tracker - Invalidate Handles

dJournal Tracker - Read USN journal failed %1

HJournal - Process Journal Info

@Journal version unsupported

dHIPS intercept for process %2-%3 -> %4
(%1)us

dHIPS intercept for process %2-%3 -> %4
(%1)us

<BHO scanning %2:%3
(%1)us

xReputation lookup for %3 connecting to %2 -> %4
(%1)us

HCreated a new lua engine
(%1)us

8Destroyed a LUA engine

DLUA - Check Profiling 
(%1)us

,LUA - Run
(%1)us

TLUA - assign global constrants
(%1)us

0LUA - Exception %1

@LUA - Wrapper Exception %1

(LUA - %2
(%1)us

TLUA - Looking up PID %2 at %3
(%1)us

TLUA -  PID %2 at %3 not found
(%1)us

XLUA - Not found in cache PID %2
(%1)us

HLUA - Cache miss PID %2 
(%1)us

DLUA - Report Behaviour
(%1)us

8LUA - Phenotype
(%1)us

LLUA - Report Phenotype URI
(%1)us

<LUA - Process Path
(%1)us

@LUA - Checksum file
(%1)us

\LUA - Compare Paths %3 - %4 -> %2
(%1)us

HLUA - Load file %2 - %3
(%1)us

HLUA - SHGetFolderPath %2
(%1)us

DLUA - Reg Query %2 %3
(%1)us

4LUA - Get SID
(%1)us

@LUA - Object to path
(%1)us

@LUA - Path to object
(%1)us

HLUA - Short to long path
(%1)us

HLUA - Long to short path
(%1)us

0LUA - Debug
(%1)us

(LUA - %2
(%1)us

HLUA - Get Default token
(%1)us

HLUA - Set Default token
(%1)us

@LUA - File exists %2
(%1)us

8LUA - Drive type
(%1)us

\LUA - SAVI Scan %2
(%1)us
in: %3
out: %4

<LUA - Set Gene %2
(%1)us

8LUA - Set Action
(%1)us

8LUA - Diff time
(%1)us

8LUA - Checkpoint
(%1)us

<LUA - Has Gene %2
(%1)us

8LUA - Start processing


4LUA -Stop Processing

8On Demand Scan - Start

DOn Demand Scan - Stop
(%1)us

,Data update start

8Data update stop
(%1)us

,IC Checksum start

<IC Checksum stop 
(%1)us

PLoading safestore for disinfection

XUnloading safestore after disinfection

dSafestore has been successfully initalised. 

DA threat has been discovered

0Threat notification

tAn notification was sent to the health event store. 

@Beacon has been sent to SSP

OnAccess - Checkfinished (%1)ms (%2)ms, decision (%3) -> %4

pIntercepted %2 setting registry value %4 %5
T(%1)us

xIntercepted %2 Create or Delete Registry Key %4
(%1)us

Intercepted %2 Creating or Deleting a Process %4
Commandline %9
(%1)us

PIntercept%2 File Modified %4
(%1)us

lIntercept %2 creating remote thread in %4
(%1)us

LIntercepted %4 modiying %4
(%1)us

dIntercepted %2 making an ip connection
(%1)us

XInterceped %2 loading driver %4
(%1)us

`Intercepted %2 opening %4 for write
(%1)us

@Intercept OpenProcessHandle

PWeb content has been checked
(%1)us

0Sweeping %2
(%1)us

8Purged cacge %2
(%1)us

@Journa IO Done  - %2
(%1)us

\Journal Tracker - Thread shutdown 
(%1)us

pOnAccess - %4 checked, decision: %2%nTime: %1 usec

Intercepted %2 setting Registry key %4, value %5%nTime: %1 usec

Intercepted %2 creating or deleting Registry key %4%nTime: %1 usec

Intercepted %2 creating or deleting process %4, command line: %10%nTime: %1 usec

Intercepted %2 creating remote thread in %4%nTime: %1 usec

hIntercepted %2 modifying file %4%nTime: %1 usec

tIntercepted %2 making an IP connection%nTime: %1 usec

hIntercepted %2 loading driver %4%nTime: %1 usec

pIntercepted %2 opening %4 for write%nTime: %1 usec

Intercepted %2 opening process handle to %7%nTime: %1 usec

Infected

(Action Pending

 Disinfected

Clean

Exempt

Error

0Threat Neutralised

 StaticVirus

$RuntimeVirus

Behaviour

4ControlledApplication

(BufferOverflow

$Not filtered

(Process filter

,Global exclusion

4Per-process exclusion

Generic

,File manipulator

H4VS_VERSION_INFO

?StringFileInfo040904b0>CompanyNameSophos Limited^FileDescriptionInstrumentation components<FileVersion10.8.6.215HInternalNameInstrumentation.dllz+LegalCopyright 1989-2019 Sophos Limited, www.sophos.comPOriginalFilenameInstrumentation.dllDProductNameSophos Anti-Virus6	ProductVersion10.8.6DVarFileInfo$Translation	PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD@0@	*H
@0@10	+0h
+7X0T0-
+70մ$fڎ`10
+71	.^aȓII=J	Zs'Aҗ7wv͠6<DKV1zO$c|diF2/4R<|^u
Dr9@9[年j,dT_tuECUQdl&UlG)f.t3EB[՚JnB=>t'S{s%3zM]s/6
M#73=zyQޣlibX$(qˍ6ξjNR,a3oU?EԦ5Y	'b/cf m?.3mӲIoBdjÓ~Aveʱz0!0	+0M{'8.uq00vRUӅ90
	*H
0o10	UUS10U
DigiCert Inc10Uwww.digicert.com1.0,U%DigiCert Assured ID Code Signing CA-10
181107000000Z
200305120000Z0X10	UGB10UAbingdon10U

Sophos Ltd10
UESG10U
Sophos Ltd0"0
	*H
0
1l./Ixyb6;4}zǡPTƜ!:[	:+
OU@^}.\є)X0ŸM|̯SӇ''%	CaY)hYM jFTmMzw֋LcL%þG(ۡꦘp.
l牬LOX?cogzno^%Om0ڠs2 K33:[+=qNeU00U#0{h)Iz?֧E520Utʵ`A&M0U0U%0
+0mUf0d00.,*http://crl3.digicert.com/assured-cs-g1.crl00.,*http://crl4.digicert.com/assured-cs-g1.crl0LU E0C07	`Hl0*0(+https://www.digicert.com/CPS0g0+v0t0$+0http://ocsp.digicert.com0L+0@http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0U00
	*H
m-_’G$yH.arGV@3
kQDHSv$z|33qrD^	~[)yh?:Ŋ	I2gIPע0Um%	)sEk*5@@Kά(x-rP#bm@8ݩJ6;^rǢ9X:";!
GTRV'|v ?L*5ֻ1ʒT7 Yt\X(p4KF$yO0j0R:Xkf0
	*H
0b10	UUS10U
DigiCert Inc10Uwww.digicert.com1!0UDigiCert Assured ID CA-10
141022000000Z
241022000000Z0G10	UUS10U
DigiCert1%0#UDigiCert Timestamp Responder0"0
	*H
0
d]|5*Iu;nSdY|kkUZc[IPكof˅_ԇtD;9$K,^(dPs
gaxu[E#DU}UyHFN_⨶-Yaarh|4/1w06'L1d~6[zzx.Fȍ`ۼstN@pF@Y:	WV0akbBw5010U0U00U%0
+0U 00	`Hl00(+https://www.digicert.com/CPS0d+0VRAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference.0	`Hl0U#0+ߢW
+g0UaZM$I2J*yK}0}Uv0t08642http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08642http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w+k0i0$+0http://ocsp.digicert.com0A+05http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
	*H
%~3M&\# j,1:qͩZ9lZ@7$~ W[`&iW!]4/qk5{?Ab'=8(o:R	pbbKsӎ1/mCq!]Aљt
&w(ؓU
\H'fȣ
ڮ.YamamUT@+kQ
Hn
:=ʯj{D00I!vm0
	*H
0e10	UUS10U
DigiCert Inc10Uwww.digicert.com1$0"UDigiCert Assured ID Root CA0
110211120000Z
260210120000Z0o10	UUS10U
DigiCert Inc10Uwww.digicert.com1.0,U%DigiCert Assured ID Code Signing CA-10"0
	*H
0
|
ʉKS<"HD?"nO$RrFūxz&|S/j(̠K ˸@EO9;oi\.f馸ޮbD'&Iq8mN\gwofdkIh~!	K1jZBG}`+١]Vr>2*,2F^cиL5P_CD|DP*=tzrKVc?NI#%(Ad;]C0?0U0U%0
+0U 00`Hl00:+.http://www.digicert.com/ssl-cps-repository.htm0d+0VRAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference.0U00y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0Uz0x0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:864http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0U{h)Iz?֧E520U#0E뢯˂1-Q!m0
	*H
{rd:ć۔אY3+ި[%?|C9>;!%{$r]GF?jQ8޴%(TyF$8&aM(?Ī5SO=l#Mg	:=<6Lv:V5/Leȑj-#O7;՜<ձkx͜Q[B&rZ
J#@"“:ԛh)<ĆGBq2	r	yKqiA9wd񄍾}h00
?'0
	*H
0e10	UUS10U
DigiCert Inc10Uwww.digicert.com1$0"UDigiCert Assured ID Root CA0
061110000000Z
211110000000Z0b10	UUS10U
DigiCert Inc10Uwww.digicert.com1!0UDigiCert Assured ID CA-10"0
	*H
0
-Bs@pҞVT\A3ME\,Yߞ$˜wI܉
گ^kq1:@FMz64I1H|PƇ6?0os#V2!p}C;=A?ەH+]Bns?&KYf
čoHO@L@]\/"kes
t\Bh~w
'V|b?2`	z0v0U0;U%402+++++0U 00
`Hl00:+.http://www.digicert.com/ssl-cps-repository.htm0d+0VRAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference.0	`Hl0U00y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0Uz0x0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:864http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0U+ߢW
+g0U#0E뢯˂1-Q!m0
	*H
FP>ɷ($8[)RR1GV\{
Aut8\aP䂹#Ѻ:r8xu]4rGV6w$Ub-ҵ^O=[1b39xv%s*ϜvK_KKpLyLW_]8O
]gEփ
iOY#Ҫ|Bϑ'ý|
,U"M*!I1GwqܱKKwO/Z)&1%F0%B00o10	UUS10U
DigiCert Inc10Uwww.digicert.com1.0,U%DigiCert Assured ID Code Signing CA-1vRUӅ90	+p0
+7100	*H
	1
+70
+710
+70#	*H
	1FJUg_!<ʿ0
	*H
OZtYj+D5zokJR^D7Jő-BD!M^_B=^^@fLY>lA#^iHFTtSAhER
']&#KW*{Kf6 ڕHVdD+QΡ[a3hI'fHYFSgy_/]wru;فH7KѓR˭Rt"K{VfhDfҡ#%0	*H
	100v0b10	UUS10U
DigiCert Inc10Uwww.digicert.com1!0UDigiCert Assured ID CA-1:Xkf0	+]0	*H
	1	*H
0	*H
	1
191205170510Z0#	*H
	1iwAA$QyRCD0
	*H
PBKp$TR|\>3_8;Ը[%_aBa^k"iQ&ղc#"I7zUO1Wtp:I;ڈ$_	qih[FOd>b)n'WͲ)pPez׺!fLU,aG:]TˠtS֋'0:M3!):q
fvX,2&*э]C"0!
+71!0 	*H
 0 10
	`He0h
+7X0T0
+70
մ$fڎ`10
+71LSeizˌ.nZh+
Fxߖ&__OFޥ~jd!5gjo2.PM79++ؘbu;Oۺ;KG^b]]D6g$
-EH?ρ,C8\}-i24uWiAH
DГ0!kzWA:`Ŷh;T/*msZ,U0-VXIxNd&zcӕd/%;߫PC;Ft}՝SwnyO%Hd4mTuz?6CKݑ`<Q*m|=kc,)^^~'\UBWTªh'K
ꎶZ:9Ĺ`M=i'aR
#ImyjN2<p;o9:54ytZMӭSYj_Nr)X#^Pt(nD~QCunMjO_%~Cʲj+8ݟ/`rw4DdUdǙ۝<5#2]ϓ_ԿĊaY;]v,AAlMS&.OBzE-P010
	`He 
΅HG`҃<pG^ih:Y00}	E%YRvDP0
	*H
0l10	UUS10U
DigiCert Inc10Uwww.digicert.com1+0)U"DigiCert EV Code Signing CA (SHA2)0
181107000000Z
220204120000Z010+7<GB10UPrivate Organization10U0209652010	UGB10UAbingdon10U

Sophos Ltd1 0UEndpoint Security Group10U
Sophos Ltd0"0
	*H
0
_0l)V$K"0PDy?O"3ɼY[v	~Q=~͖̼hP:8IQٟqO? uSspK̉p|ߏgl;?}Hh3	n>
J6Cۜ(jg5zį0?fxtG
a1P[4V&d"=x;(ZUNODD\qo4ladE| dx6
{}_`&^v00U#0~m2j#pj:k0UV(GbH 6*0&U0+0
GB-020965200U0U%0
+0{Ut0r07531http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07531http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0KU D0B07	`Hl0*0(+https://www.digicert.com/CPS0g0~+r0p0$+0http://ocsp.digicert.com0H+0<http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0U00
	*H
"*`41Xqex"@.1˘d߉h#̃҉g
JZ-!cCk1Vo)b㿭ȝ$g'|]ONaoӦ*tod!LaCTFAaa]^iesA*2zOb{l[2o"3دT]gu(|`q=W&m=GF- #CW
+*0Ӈ.a[jg4Xn="4n00_:xG\0
	*H
0l10	UUS10U
DigiCert Inc10Uwww.digicert.com1+0)U"DigiCert High Assurance EV Root CA0
120418120000Z
270418120000Z0l10	UUS10U
DigiCert Inc10Uwww.digicert.com1+0)U"DigiCert EV Code Signing CA (SHA2)0"0
	*H
0
Sdτ5Ѷǣ,,:5:W/H<nܗ"QyaC/
I1DX>O#~le$U>#|BzbE}ct˞c%EO}u>EzX64+.+1Xf2R>v@Zj=Kv\60L*XA "v^T8bp$pd	-⶝!lس{P6
\J9yݿ=:	%X0T0U00U0U%0
+0+s0q0$+0http://ocsp.digicert.com0I+0=http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0U00@><:http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0@><:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0U 00	`Hl00:+.http://www.digicert.com/ssl-cps-repository.htm0d+0VRAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference.0U~m2j#pj:k0U#0>iGԘ&cd+0
	*H
3J37ۭ6:.zCBNMݟ	!]Cw+ב3lղ;.ɓO@~YVrjAF|If8pwɍ1)3͉?|mƲ:fk{ئ4XSW`#dM|%d!BC7M&MaKFAeθy;Ǚ*nm^aƖa-Cbԙjd1
000l10	UUS10U
DigiCert Inc10Uwww.digicert.com1+0)U"DigiCert EV Code Signing CA (SHA2)	E%YRvDP0
	`He0
+7100
*H
	10	*H
	1
+70
+710
+70/	*H
	1" <e[%x]PW7Q[Ⱥ9.V0
	*H
]#wkJunxڜAڨb0ؤρ[Wj0*BկHؠ5u\!P
7%Tٳ
Lj9ȭ{ѲR@Tλٲ	BgKGdgLH \"[	fq:f'4ޱPCǸ,bwSWa¬7cih*E|)Plxo_dwkVp0
+710	*H
010
	`He0w*H
	hf0d	`Hl010
	`He Bd~Dྋ3L>Rl,:20191205170555Z00j?hvq`̧m0
	*H
0r10	UUS10U
DigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CA0
191001000000Z
301017000000Z0L10	UUS10U
DigiCert, Inc.1$0"UTIMESTAMP-SHA256-2019-10-150"0
	*H
0
d5edܸ)6g	XM0;<(P1]	i#w-jԮzA9u/E~m<b>~zE1B>UZOX2i"-Ƙket
tHpD;ù,('%K`i"NղeY!|,p׳9wPB,.zΜgz8wT@O ·+xpBS6ESIbz8040U0U00U%0
+0U 00	`Hl00(+https://www.digicert.com/CPS0d+0VRAny use of this Certificate constitutes acceptance of the DigiCert CP/CPS and the Relying Party Agreement which limit liability and are incorporated herein by reference.0	`Hl0U#0 )a%5n0UVSMnWrPL0qUj0h020.,http://crl3.digicert.com/sha2-assured-ts.crl020.,http://crl4.digicert.com/sha2-assured-ts.crl0+y0w0$+0http://ocsp.digicert.com0O+0Chttp://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
	*H
.DJ2Rف	#=ؒFJ/nz<cn7X#CN9	,yk#GT{:sj!)Ê`Gğ
hSZ"S1_؂-mBN$G"rw\O9+WDnC3cQ7VGãXT!VI?W
#^{ݝz*EULωF1_30`Uk0GN3gj(M[˩lS	010
%2~A60
	*H
0e10	UUS10U
DigiCert Inc10Uwww.digicert.com1$0"UDigiCert Assured ID Root CA0
160107120000Z
310107120000Z0r10	UUS10U
DigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CA0"0
	*H
0
2K͏ݩ9T(W#JE3Q}}Mh~綠􍳈䗿c!W~j8.;̦2Y_e?FGU~'~"?~">m;|	]ȚT	qk"uqrN
@:\QyM$#0]<`j/GوP^fnVa')QFP*,u>1֭d{Єr=MBS*O<ڬݬV00U )a%5n0U#0E뢯˂1-Q!m0U00U0U%0
+0y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0Uz0x0:864http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0PU I0G08
`Hl0*0(+https://www.digicert.com/CPS0	`Hl0
	*H
qQVi|czx7@Kŧ B,w+!Z*4j'f	`v:|b^%ĺ{,![,5Churǘ<dH_8aMbF$cR,)xGpuՓ~gSakXi
|(uc"ay~Yo&lQ!X`-+m~%+G|I|BB(VA4f]t{V3"/"6KJR1M0I00r10	UUS10U
DigiCert Inc10Uwww.digicert.com110/U(DigiCert SHA2 Assured ID Timestamping CA?hvq`̧m0
	`He0	*H
	1
*H
	0	*H
	1
191205170555Z0+*H
	1000%P^ږ0-/OL((40/	*H
	1" ,7-R1~ߎ·0
	*H
qKx2e2 8X4鸗Q@.%	ͭ/
>R^GdG,-Qad|ӕ;\o5dvt!-0ZO]i_AСe!pfAFҕH'~4
_ɭ_ُƂ`0Ծ(qQƁJ0c>^fyfAu>6,[E4<IJ!W~
