2017/10/10 13:09:46.971 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.971 [2632:4208] check techID LocalRep 2017/10/10 13:09:46.971 [2632:4208] Rec Count: 0 Byte Count: 0 2017/10/10 13:09:46.971 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.971 [2632:4208] check techID NacMan 2017/10/10 13:09:46.971 [2632:4208] Rec Count: 0 Byte Count: 0 2017/10/10 13:09:46.971 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.971 [2632:4208] check techID NetSecMan 2017/10/10 13:09:46.971 [2632:4208] Rec Count: 0 Byte Count: 0 2017/10/10 13:09:46.971 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.971 [2632:4208] check techID RebootMgrMan 2017/10/10 13:09:46.971 [2632:4208] Rec Count: 0 Byte Count: 0 2017/10/10 13:09:46.971 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.971 [2632:4208] check techID RepMgtMan 2017/10/10 13:09:46.971 [2632:4208] Rec Count: 0 Byte Count: 0 2017/10/10 13:09:46.971 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.971 [2632:4208] check techID SfMan 2017/10/10 13:09:46.987 [2632:4208] Rec Count: 0 Byte Count: 0 2017/10/10 13:09:46.987 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.987 [2632:4208] check techID SubmissionsMan 2017/10/10 13:09:46.987 [2632:4208] Rec Count: 0 Byte Count: 0 2017/10/10 13:09:46.987 [2632:4208] GetSummary() returned 0 2017/10/10 13:09:46.987 [2632:4208] completed. Found 0 records 2017/10/10 13:09:46.987 [2632:4208] found 0 tech extension records 2017/10/10 13:09:46.987 [2632:4208] nSecurityRecordsTotal=12 2017/10/10 13:09:46.987 [2632:4208] nSecurityRecordsToSend=44 2017/10/10 13:09:46.987 [2632:4208] nSystemRecordsTotal=0 2017/10/10 13:09:46.987 [2632:4208] nSystemRecordsToSend=0 2017/10/10 13:09:46.987 [2632:4208] nTrafficRecordsTotal=15 2017/10/10 13:09:46.987 [2632:4208] nTrafficRecordsToSend=55 2017/10/10 13:09:46.987 [2632:4208] nRawRecordsTotal=0 2017/10/10 13:09:46.987 [2632:4208] nRawRecordsToSend=0 2017/10/10 13:09:46.987 [2632:4208] nProcessRecordsTotal=0 2017/10/10 13:09:46.987 [2632:4208] nProcessRecordsToSend=0 2017/10/10 13:09:46.987 [2632:4208] nLANSensorRecordsTotal=0 2017/10/10 13:09:46.987 [2632:4208] nLANSensorRecordsToSend=0 2017/10/10 13:09:46.987 [2632:4208] nTechExtensionRecordsTotal=0 2017/10/10 13:09:46.987 [2632:4208] nTechExtensionRecordsToSend=0 2017/10/10 13:09:46.987 [2632:4208] sys_event_idfirst=4053 2017/10/10 13:09:46.987 [2632:4208] sys_event_idlast=4052 2017/10/10 13:09:46.987 [2632:4208] sec_event_idfirst=2000 2017/10/10 13:09:46.987 [2632:4208] sec_event_idlast=2011 2017/10/10 13:09:46.987 [2632:4208] tra_event_idfirst=17350 2017/10/10 13:09:46.987 [2632:4208] tra_event_idlast=17364 2017/10/10 13:09:46.987 [2632:4208] raw_event_idfirst=1 2017/10/10 13:09:46.987 [2632:4208] raw_event_idlast=0 2017/10/10 13:09:46.987 [2632:4208] process_event_idfirst=3671 2017/10/10 13:09:46.987 [2632:4208] process_event_idlast=3670 2017/10/10 13:09:46.987 [2632:4208] lansensor_event_idfirst=1 2017/10/10 13:09:46.987 [2632:4208] lansensor_event_idlast=0 2017/10/10 13:09:47.003 [2632:4208] AH: Setting the Browser Session end option & Resetting the URL session .. 2017/10/10 13:09:47.159 [2632:4208] ===SEND EVENT_SERVER_REQUIRES_CLIENT_APPLEARNING === 2017/10/10 13:09:47.159 [2632:4208] Received request for checksum file 2017/10/10 13:09:47.159 [2632:4208] [CollectChecksumCmdProcessor] No checksum is ready to be uploaded. 2017/10/10 13:09:47.159 [2632:4208] EVENT_SYLINK_REQUEST_FILE_METADATA: There is no checksum file needs to be uploaded 2017/10/10 13:09:47.159 [2632:4208] Checksum file to upload: 2017/10/10 13:09:48.188 [2632:4208] AH: Setting the Browser Session end option & Resetting the URL session .. 2017/10/10 13:10:18.219 [2632:3784] HI: Timer Trigger is changed 2017/10/10 13:10:18.219 [2632:3784] HI: HI verifying the HI Content before HI checking. 2017/10/10 13:10:18.250 [2632:3784] HI: reset to history result in location Default 2017/10/10 13:10:18.250 [2632:3784] HI: set HI result to HI_CHECK_SUCCESS. 2017/10/10 13:10:18.250 [2632:3784] HI: HI checking is triggered. 2017/10/10 13:10:18.281 [2632:3784] HI: Script Execution is started 2017/10/10 13:10:18.281 [2632:3784] HI: The winsta\desktop is : Winsta0\Default 2017/10/10 13:10:18.281 [2632:3784] HI: bFindWinlogon is 1 2017/10/10 13:10:18.297 [2632:3784] HI: SetTokenInformation successfully 2017/10/10 13:10:18.297 [2632:3784] HI: the using the first Vista/XP(FUS) method 2017/10/10 13:10:18.921 [2632:3784] Script exit normally. 2017/10/10 13:10:18.921 [2632:3784] HI: Script running Completed 2017/10/10 13:10:18.921 [2632:3784] HI: Closing the Scrpit process handle. 2017/10/10 13:10:18.921 [2632:3784] HI: Read HI Result from encrypted registry value! 2017/10/10 13:10:18.921 [2632:3784] HI: CFailExeHIHandler::ResetFailedTime 2017/10/10 13:10:18.921 [2632:3784] HI: Host Integrity check passed. 2017/10/10 13:10:18.921 [2632:3784] HI: HI result is updated. Result: 0 , Reason: 0 , Description: Host Integrity check passed Requirement: "Write Petya Killswitch File" passed Requirement: "WannaCry Cryptoware Registry Detection Rule" passed , Timestamp: 13152139818 2017/10/10 13:12:18.964 [2632:3784] HI: Timer Trigger is changed 2017/10/10 13:12:18.964 [2632:3784] HI: HI verifying the HI Content before HI checking. 2017/10/10 13:12:18.995 [2632:3784] HI: reset to history result in location Default 2017/10/10 13:12:18.995 [2632:3784] HI: set HI result to HI_CHECK_SUCCESS. 2017/10/10 13:12:18.995 [2632:3784] HI: HI checking is triggered. 2017/10/10 13:12:19.027 [2632:3784] HI: Script Execution is started 2017/10/10 13:12:19.027 [2632:3784] HI: The winsta\desktop is : Winsta0\Default 2017/10/10 13:12:19.027 [2632:3784] HI: bFindWinlogon is 1 2017/10/10 13:12:19.027 [2632:3784] HI: SetTokenInformation successfully 2017/10/10 13:12:19.027 [2632:3784] HI: the using the first Vista/XP(FUS) method 2017/10/10 13:12:19.651 [2632:3784] Script exit normally. 2017/10/10 13:12:19.651 [2632:3784] HI: Script running Completed 2017/10/10 13:12:19.651 [2632:3784] HI: Closing the Scrpit process handle. 2017/10/10 13:12:19.651 [2632:3784] HI: Read HI Result from encrypted registry value! 2017/10/10 13:12:19.651 [2632:3784] HI: CFailExeHIHandler::ResetFailedTime 2017/10/10 13:12:19.651 [2632:3784] HI: Host Integrity check passed. 2017/10/10 13:12:19.651 [2632:3784] HI: HI result is updated. Result: 0 , Reason: 0 , Description: Host Integrity check passed Requirement: "Write Petya Killswitch File" passed Requirement: "WannaCry Cryptoware Registry Detection Rule" passed , Timestamp: 13152139939 2017/10/10 13:14:17.219 [2632:5984] ***SMC*** Enable flag = 0 2017/10/10 13:14:19.700 [2632:3784] HI: Timer Trigger is changed 2017/10/10 13:14:19.700 [2632:3784] HI: HI verifying the HI Content before HI checking. 2017/10/10 13:14:19.715 [2632:3784] HI: reset to history result in location Default 2017/10/10 13:14:19.715 [2632:3784] HI: set HI result to HI_CHECK_SUCCESS. 2017/10/10 13:14:19.731 [2632:3784] HI: HI checking is triggered. 2017/10/10 13:14:19.778 [2632:3784] HI: Script Execution is started 2017/10/10 13:14:19.778 [2632:3784] HI: The winsta\desktop is : Winsta0\Default 2017/10/10 13:14:19.778 [2632:3784] HI: bFindWinlogon is 1 2017/10/10 13:14:19.778 [2632:3784] HI: SetTokenInformation successfully 2017/10/10 13:14:19.778 [2632:3784] HI: the using the first Vista/XP(FUS) method 2017/10/10 13:14:20.417 [2632:3784] Script exit normally. 2017/10/10 13:14:20.417 [2632:3784] HI: Script running Completed 2017/10/10 13:14:20.417 [2632:3784] HI: Closing the Scrpit process handle. 2017/10/10 13:14:20.417 [2632:3784] HI: Read HI Result from encrypted registry value! 2017/10/10 13:14:20.417 [2632:3784] HI: CFailExeHIHandler::ResetFailedTime 2017/10/10 13:14:20.417 [2632:3784] HI: Host Integrity check passed. 2017/10/10 13:14:20.417 [2632:3784] HI: HI result is updated. Result: 0 , Reason: 0 , Description: Host Integrity check passed Requirement: "Write Petya Killswitch File" passed Requirement: "WannaCry Cryptoware Registry Detection Rule" passed , Timestamp: 13152140060 2017/10/10 13:15:12.424 [2632:4208] 200=>200 OK 2017/10/10 13:15:12.424 [2632:4208] CAsyncHttpConnection::Close - Request: HttpSendRequest; CtrlBlk: 07137AB8 time: 0 2017/10/10 13:15:18.601 [2632:4208] AH: Setting the Browser Session end option & Resetting the URL session .. 2017/10/10 13:15:18.633 [2632:4208] 200=>200 OK 2017/10/10 13:15:18.648 [2632:4208] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 07137AB8 time: 0 2017/10/10 13:15:19.069 [2632:3080] Succeed to send the connect status change to TrayIcon 2017/10/10 13:15:19.163 [2632:4208] AH: Setting the Browser Session end option & Resetting the URL session .. 2017/10/10 13:15:19.194 [2632:4208] 200=>200 OK 2017/10/10 13:15:19.210 [2632:4208] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 07136AF8 time: 0 2017/10/10 13:15:19.725 [2632:4208] AH: Setting the Browser Session end option & Resetting the URL session .. 2017/10/10 13:15:19.756 [2632:4208] 200=>200 OK 2017/10/10 13:15:19.771 [2632:4208] CAsyncHttpConnection::Close - Request: InternetReadFileEx; CtrlBlk: 07136AF8 time: 0 2017/10/10 13:15:20.286 [2632:4208] AH: Setting the Browser Session end option & Resetting the URL session ..