New Antiexecutable: NoVirusThanks EXE Radar Pro

Discussion in 'other anti-malware software' started by sg09, Jun 3, 2011.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Microsoft Office Click-to-Run ran today, and after that I received around 15-20 prompts. I kept allowing, and allowing......! The first several times I clicked Allow without remembering, but after that I clicked Allow and Remember with the boxes that are ticked by default. The command line box was ticked, but I guess I needed to use a lot of wildcards to avoid this headache. Then ERP autoblocked wevtutil.exe 5 times in a row. I clicked Close All, and all notifications closed. It seems Close All is working now. You may want to reconsider making wevtutil.exe ask instead of block.

    Here are the entries from the log that I was prompted for, and also for when the blocks of wevtutil.exe occurred. It is quite long. It seems that around the seventh time I was prompted, the command line started having schtasks.exe in it, and I think that kept the endless bombardment of prompts coming. Also, I will have to look back at the log to see how wevtutil.exe was being used. I did notice that some of the schtasks.exe entries were related to telemetry. No matter how many times I disable telemetry items in schtask, Microsoft enables them again. Bad Microsoft! Bad!

    Code:
    Process        : C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : False
    SHA1           : DEC598C9762D88E94D18ECD3FCF968E62F52C035
    Signer         : Microsoft Corporation
    Command        : "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:07.610
    Action         : Allow/Program Files
    Expression     : -
    Category       : -
    PID            : 2872
    Process        : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : False
    SHA1           : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Signer         : Microsoft Corporation
    Command        : integrator.exe /I /License PRIDName=O365ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files (x86)\Microsoft Office\root"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:08.314
    Action         : Allow/Program Files
    Expression     : -
    Category       : -
    PID            : 9352
    Process        : C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    Integrity Level: Medium
    User/Domain    : achilles/DESKTOP-7FI3QG7
    System File    : False
    SHA1           : DEC598C9762D88E94D18ECD3FCF968E62F52C035
    Signer         : Microsoft Corporation
    Command        : "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:08.704
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5780
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:09.251
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7644
    Process        : C:\Windows\System32\dllhost.exe
    Integrity Level: Medium
    User/Domain    : achilles/DESKTOP-7FI3QG7
    System File    : True
    SHA1           : C4BC5F9CA7342250474699BF59410A889AF3D738
    Signer         : Microsoft Windows
    Command        : C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    Parent         : C:\Windows\System32\svchost.exe
    Parent SHA1    : B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:47:10.345
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5776
    Process        : C:\Windows\System32\sppsvc.exe
    Integrity Level: System
    User/Domain    : NETWORK SERVICE/NT AUTHORITY
    System File    : True
    SHA1           : 6B7B30170F11A505B57B9ADD0C2727BD107B0D53
    Signer         : Microsoft Windows
    Command        : C:\Windows\system32\sppsvc.exe
    Parent         : C:\Windows\System32\services.exe
    Parent SHA1    : C5812D6D46B4D93695906804E7F9A74E93158940
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:47:26.517
    Action         : Ask/Allow Once
    Expression     : -
    Category       : Alert Dialog
    PID            : 9980
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:26.767
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9772
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:27.470
    Action         : Allow/Known Safe Process
    Expression     : -
    Category       : -
    PID            : 5684
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /change /tn "Microsoft\Office\Office ClickToRun Service Monitor" /enable
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:27.721
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5876
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:32.843
    Action         : Ask/Allow Once
    Expression     : -
    Category       : Alert Dialog
    PID            : 1840
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /Create /tn "Microsoft\Office\Office ClickToRun Service Monitor" /XML "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ServiceWatcherSchedule.xml"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:33.093
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 6948
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:33.780
    Action         : Allow/Known Safe Process
    Expression     : -
    Category       : -
    PID            : 208
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /change /tn "Microsoft\Office\Office ClickToRun Service Monitor" /enable
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:33.996
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 6748
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:34.664
    Action         : Allow/Known Safe Process
    Expression     : -
    Category       : -
    PID            : 4924
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /change /tn "Microsoft\Office\Office Automatic Updates 2.0" /enable
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:34.851
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4428
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:46.758
    Action         : Ask/Allow Once
    Expression     : -
    Category       : Alert Dialog
    PID            : 4772
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:47.008
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4332
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:47.679
    Action         : Allow/Known Safe Process
    Expression     : -
    Category       : -
    PID            : 6840
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /change /tn "Microsoft\Office\Office Automatic Updates" /enable
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:47.863
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7064
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:49.529
    Action         : Ask/Allow Once
    Expression     : -
    Category       : Alert Dialog
    PID            : 9152
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /Create /tn "Microsoft\Office\Office Automatic Updates" /XML "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeUpdateSchedule.xml"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:49.763
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 6628
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:50.482
    Action         : Allow/Known Safe Process
    Expression     : -
    Category       : -
    PID            : 8544
    Process        : C:\Windows\System32\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Signer         :
    Command        : schtasks.exe /change /tn "Microsoft\Office\Office Automatic Updates" /enable
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:50.667
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 6844
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\System32\schtasks.exe
    Parent SHA1    : FCCBFE14F18625D6E636D42676EFA7797FCA1690
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:47:51.798
    Action         : Allow/Program Files
    Expression     : -
    Category       : -
    PID            : 1984
    Process        : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : False
    SHA1           : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Signer         : Microsoft Corporation
    Command        : integrator.exe /I /Extension /Msi PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files (x86)\Microsoft Office\root"
    Parent         : C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    Parent SHA1    : EA577D44F59CD9918E1C3C5069DDEDC5955BBC9F
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:52.204
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5332
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:59.501
    Action         : Ask/Allow Once
    Expression     : -
    Category       : Alert Dialog
    PID            : 2676
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeBackgroundTaskHandlerLogon"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:47:59.735
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 2528
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:48:10.142
    Action         : Ask/Allow
    Expression     : -
    Category       : Alert Dialog
    PID            : 6500
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Create /tn "Microsoft\Office\OfficeBackgroundTaskHandlerLogon" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:48:10.376
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9328
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:48:17.329
    Action         : Ask/Allow
    Expression     : -
    Category       : Alert Dialog
    PID            : 4088
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeBackgroundTaskHandlerRegistration"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:48:17.579
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 2728
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:48:26.657
    Action         : Ask/Allow
    Expression     : -
    Category       : Alert Dialog
    PID            : 3860
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Create /tn "Microsoft\Office\OfficeBackgroundTaskHandlerRegistration" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:48:26.907
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7632
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:48:27.282
    Action         : Allow/Program Files
    Expression     : -
    Category       : -
    PID            : 988
    Process        : C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
    Integrity Level: Medium
    User/Domain    : achilles/DESKTOP-7FI3QG7
    System File    : False
    SHA1           : BE9786F3448F9EBBB622044D41C442701A82B244
    Signer         : Microsoft Corporation
    Command        : "C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe"
    Parent         : C:\Windows\System32\svchost.exe
    Parent SHA1    : B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:48:38.392
    Action         : Ask/Allow
    Expression     : -
    Category       : Alert Dialog
    PID            : 6180
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:48:38.626
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 804
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:48:48.204
    Action         : Ask/Allow
    Expression     : -
    Category       : Alert Dialog
    PID            : 1912
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Create /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:48:48.470
    Action         : Allow/Program Files
    Expression     : -
    Category       : -
    PID            : 8912
    Process        : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Integrity Level: Medium
    User/Domain    : achilles/DESKTOP-7FI3QG7
    System File    : False
    SHA1           : 4ABB30ACD9C8FC94F72B280856E868612FD476E0
    Signer         : Adobe Systems, Incorporated
    Command        : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    Parent         : C:\Windows\System32\svchost.exe
    Parent SHA1    : B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:48:48.642
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3724
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:01.579
    Action         : Ask/Allow
    Expression     : -
    Category       : Alert Dialog
    PID            : 6524
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:01.814
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 2288
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:05.689
    Action         : Ask/Allow
    Expression     : -
    Category       : Alert Dialog
    PID            : 224
    Process        : C:\Windows\SysWOW64\schtasks.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Signer         :
    Command        : schtasks.exe /Create /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:05.907
    Action         : Allow/Trusted Vendor
    Expression     : -
    Category       : -
    PID            : 6752
    Process        : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : False
    SHA1           : 0DE8E600CB2CB36AFD27614241B325565076F0D6
    Signer         : Adobe Systems Incorporated
    Command        : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Parent         : C:\Windows\System32\svchost.exe
    Parent SHA1    : B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:49:06.079
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9772
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\schtasks.exe
    Parent SHA1    : 74455579633A251C5BB9904FAE3A89A031DBE10C
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:06.267
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 6988
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Parent SHA1    : 0DE8E600CB2CB36AFD27614241B325565076F0D6
    Parent Signer  : Adobe Systems Incorporated
    
    
    Date/Time      : 2018-10-12 16:49:06.501
    Action         : Allow/Known Safe Process
    Expression     : -
    Category       : -
    PID            : 1724
    Process        : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : False
    SHA1           : 0DE8E600CB2CB36AFD27614241B325565076F0D6
    Signer         : Adobe Systems Incorporated
    Command        : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Parent         : C:\Windows\System32\services.exe
    Parent SHA1    : C5812D6D46B4D93695906804E7F9A74E93158940
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:49:08.454
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8428
    Process        : C:\Windows\System32\dllhost.exe
    Integrity Level: Medium
    User/Domain    : achilles/DESKTOP-7FI3QG7
    System File    : True
    SHA1           : C4BC5F9CA7342250474699BF59410A889AF3D738
    Signer         : Microsoft Windows
    Command        : C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    Parent         : C:\Windows\System32\svchost.exe
    Parent SHA1    : B3D7C886DC6607A50874E0ECF2B90CFC3C4B57B8
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:49:12.235
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4924
    Process        : C:\Windows\System32\SearchIndexer.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 693157177CFFEA69B571AFE124B2FDA89920F226
    Signer         :
    Command        : C:\Windows\system32\SearchIndexer.exe /Embedding
    Parent         : C:\Windows\System32\services.exe
    Parent SHA1    : C5812D6D46B4D93695906804E7F9A74E93158940
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:49:12.704
    Action         : Deny
    Expression     : [Proc.Name = wevtutil.exe] [Action = Deny]
    Category       : Vulnerable Processes
    PID            : 9808
    Process        : C:\Windows\SysWOW64\wevtutil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 8D9803A6BF78F7133692C5827DBF22959424F52C
    Signer         :
    Command        : wevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man" /rf:"C:\Program Files (x86)\Microsoft Office\root\Office16\wwlib.dll" /mf:"C:\Program Files (x86)\Microsoft Office\root\Office16\wwlib.dll"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:13.048
    Action         : Deny
    Expression     : [Proc.Name = wevtutil.exe] [Action = Deny]
    Category       : Vulnerable Processes
    PID            : 7512
    Process        : C:\Windows\SysWOW64\wevtutil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 8D9803A6BF78F7133692C5827DBF22959424F52C
    Signer         :
    Command        : wevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man" /rf:"C:\Program Files (x86)\Microsoft Office\root\Office16\msoetwres.dll" /mf:"C:\Program Files (x86)\Microsoft Office\root\Office16\msoetwres.dll"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:13.392
    Action         : Deny
    Expression     : [Proc.Name = wevtutil.exe] [Action = Deny]
    Category       : Vulnerable Processes
    PID            : 3460
    Process        : C:\Windows\SysWOW64\wevtutil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 8D9803A6BF78F7133692C5827DBF22959424F52C
    Signer         :
    Command        : wevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man" /rf:"C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\mso.dll" /mf:"C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\mso.dll"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:13.735
    Action         : Deny
    Expression     : [Proc.Name = wevtutil.exe] [Action = Deny]
    Category       : Vulnerable Processes
    PID            : 4772
    Process        : C:\Windows\SysWOW64\wevtutil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 8D9803A6BF78F7133692C5827DBF22959424F52C
    Signer         :
    Command        : wevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man" /rf:"C:\Program Files (x86)\Microsoft Office\root\Office16\wwlib.dll" /mf:"C:\Program Files (x86)\Microsoft Office\root\Office16\wwlib.dll"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:14.079
    Action         : Deny
    Expression     : [Proc.Name = wevtutil.exe] [Action = Deny]
    Category       : Vulnerable Processes
    PID            : 7236
    Process        : C:\Windows\SysWOW64\wevtutil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 8D9803A6BF78F7133692C5827DBF22959424F52C
    Signer         :
    Command        : wevtutil.exe im "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man" /rf:"C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\mso.dll" /mf:"C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\mso.dll"
    Parent         : C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
    Parent SHA1    : 1FEE1A5B370F7F1895D139E95852E5B03F82D058
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:18.610
    Action         : Allow/Known Safe Process
    Expression     : -
    Category       : -
    PID            : 7064
    Process        : C:\Windows\System32\msiexec.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 4045C0F59D419B37B30ED30577D8497412307308
    Signer         :
    Command        : C:\Windows\system32\msiexec.exe /V
    Parent         : C:\Windows\System32\services.exe
    Parent SHA1    : C5812D6D46B4D93695906804E7F9A74E93158940
    Parent Signer  : Microsoft Windows Publisher
    
    
    Date/Time      : 2018-10-12 16:49:19.798
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4464
    Process        : C:\Windows\SysWOW64\msiexec.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Signer         :
    Command        : c:\Windows\syswow64\MsiExec.exe -Embedding 92403195B55960BE4EDF31745EEA4086 E Global\MSI0000
    Parent         : C:\Windows\System32\msiexec.exe
    Parent SHA1    : 4045C0F59D419B37B30ED30577D8497412307308
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:34.110
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 2400
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:34.314
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5968
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:34.626
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3352
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:34.860
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3580
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:35.095
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7164
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:35.298
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5884
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:35.532
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 1864
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:35.735
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9132
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:35.970
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 1276
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:36.173
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9256
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:36.407
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9620
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:36.610
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4284
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:36.876
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 404
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:37.079
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4088
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:37.314
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9548
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:37.532
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 948
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:37.767
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7632
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:37.954
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 2632
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:38.189
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9128
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:38.407
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9480
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:38.657
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5196
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:38.876
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7700
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:39.110
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7532
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:39.298
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8324
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:39.548
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8912
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:39.751
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7292
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:40.001
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8248
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:40.189
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3924
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:40.423
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 188
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:40.860
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3676
    Process        : C:\Windows\System32\notepad.exe
    Integrity Level: Medium
    User/Domain    : achilles/DESKTOP-7FI3QG7
    System File    : True
    SHA1           : A49551FACEADE1185844FC386C8DD3054907234D
    Signer         :
    Command        : "C:\Windows\system32\notepad.exe"
    Parent         : C:\Windows\explorer.exe
    Parent SHA1    : 3F5BB7442AA4F23669A03E0642600374C0E19406
    Parent Signer  : Microsoft Windows
    
    
    Date/Time      : 2018-10-12 16:49:41.064
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3552
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:41.298
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9564
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:41.501
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5684
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:41.735
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5896
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:41.923
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4636
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:42.157
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 1292
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:42.345
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5876
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:42.579
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7664
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:42.798
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 6948
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:43.032
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7596
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:43.220
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7588
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:43.454
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3596
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:43.642
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5536
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:43.876
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5532
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:44.064
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4656
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:44.298
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 6512
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:44.501
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8220
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:44.798
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8168
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:45.595
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 1008
    Process        : C:\Windows\System32\mspaint.exe
    Integrity Level: Medium
    User/Domain    : achilles/DESKTOP-7FI3QG7
    System File    : True
    SHA1           : CC252D93E3739C2F15BEF5DE56F0D132AD54AD38
    Signer         :
    Command        : "C:\Windows\system32\mspaint.exe"
    Parent         : C:\Windows\explorer.exe
    Parent SHA1    : 3F5BB7442AA4F23669A03E0642600374C0E19406
    Parent Signer  : Microsoft Windows
    
    
    Date/Time      : 2018-10-12 16:49:45.767
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8620
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:46.017
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7780
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:46.220
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7496
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:46.485
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9880
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:46.673
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7248
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:46.939
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8700
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:47.126
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3460
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:47.360
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4332
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:47.548
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4772
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:47.782
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5340
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:47.970
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 1248
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:48.220
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9728
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:48.407
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5780
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:48.642
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5636
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:48.860
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 10116
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:49.110
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5968
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" /queue:3 /NoDependencies
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:49.314
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9800
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:49.548
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3580
    Process        : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:49.767
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 2676
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    Parent SHA1    : 563DF7F82A5E600CBE76BD6E5F1C32EBDAFFF1D8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:50.267
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5752
    Process        : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Signer         : Microsoft Corporation
    Command        : c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:50.454
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 7368
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    Parent SHA1    : 14881AA6B67B7FBF867B0AF4D56203044D97B9F8
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:51.048
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3588
    Process        : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Signer         : Microsoft Corporation
    Command        : "c:\Windows\Microsoft.NET\Framework\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:51.235
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 8576
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Parent SHA1    : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:54.345
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 4284
    Process        : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Signer         : Microsoft Corporation
    Command        : "c:\Windows\Microsoft.NET\Framework\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:49:54.532
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 1932
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Parent SHA1    : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:49:59.220
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9548
    Process        : C:\Windows\SysWOW64\msiexec.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Signer         :
    Command        : c:\Windows\syswow64\MsiExec.exe -Embedding 33B91A3DACEB6D0D6AFEAD9D38741A8D E Global\MSI0000
    Parent         : C:\Windows\System32\msiexec.exe
    Parent SHA1    : 4045C0F59D419B37B30ED30577D8497412307308
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:50:03.111
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 9480
    Process        : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Signer         : Microsoft Corporation
    Command        : "c:\Windows\Microsoft.NET\Framework\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:50:03.298
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 5584
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Parent SHA1    : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Parent Signer  : Microsoft Corporation
    
    
    Date/Time      : 2018-10-12 16:50:04.001
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3724
    Process        : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Signer         : Microsoft Corporation
    Command        : "c:\Windows\Microsoft.NET\Framework\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
    Parent         : C:\Windows\SysWOW64\msiexec.exe
    Parent SHA1    : 6A11A93C55FA53D4AE678A581C79BBD0DD9C1F57
    Parent Signer  :
    
    
    Date/Time      : 2018-10-12 16:50:04.189
    Action         : Allow/System File
    Expression     : -
    Category       : -
    PID            : 3008
    Process        : C:\Windows\System32\conhost.exe
    Integrity Level: System
    User/Domain    : SYSTEM/NT AUTHORITY
    System File    : True
    SHA1           : B0BF5AC2E81BBF597FAD5F349FEEB32CAC449FA2
    Signer         :
    Command        : \??\C:\Windows\system32\conhost.exe 0x4
    Parent         : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
    Parent SHA1    : 5193640CA2765B5EC166F4D7C0BBEC51C73F1E96
    Parent Signer  : Microsoft Corporation
    
    I'm using Microsoft Office 365 Pro Plus, Windows 10 x64 1709, and ERP build 30.

    Edited 10-12-18 @ 5:40
     

    Last edited: Oct 12, 2018
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Here are a few of the command lines from schtasks.exe. I guess I will have to work out a list, and eliminate as many prompts as possible using wildcards. There were more, but I don't have time to look at the moment.

    schtasks.exe /Create /tn "Microsoft\Office\OfficeBackgroundTaskHandlerLogon
    schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeBackgroundTaskHandlerRegistration"
    schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"
    schtasks.exe /Create /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /XML "C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml"
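
An added example, not part of the thread and not NoVirusThanks code: a parser for the event-log layout quoted in post 1 that groups entries by parent and child process and returns the command-line prefix each group shares, which is the part a wildcard rule could keep fixed. The sample is abridged from three of the quoted entries; the function names are hypothetical and no ERP rule syntax is assumed.

```python
import ntpath
import os
import re
from collections import defaultdict

# Abridged from three entries in the log quoted in post 1 (most fields trimmed).
SAMPLE = r'''
Process        : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
Command        : "c:\Windows\Microsoft.NET\Framework\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild
Parent         : C:\Windows\SysWOW64\msiexec.exe

Process        : C:\Windows\System32\conhost.exe
Signer         :
Command        : \??\C:\Windows\system32\conhost.exe 0x4
Parent         : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe

Process        : C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
Command        : "c:\Windows\Microsoft.NET\Framework\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
Parent         : C:\Windows\SysWOW64\msiexec.exe
'''

# Field name runs up to the first colon; the value may be empty or contain colons.
FIELD = re.compile(r'\s*([\w/ ]+?)\s*:\s*(.*)')

def parse_events(text):
    """Split the log on blank lines; each block becomes a field -> value dict."""
    events = []
    for block in re.split(r'\n\s*\n', text.strip()):
        matches = (FIELD.match(line) for line in block.splitlines())
        events.append({m.group(1): m.group(2).strip() for m in matches if m})
    return events

def command_groups(events):
    """Map (parent exe, child exe) -> distinct command lines, case-folded."""
    groups = defaultdict(set)
    for e in events:
        key = (ntpath.basename(e['Parent']).lower(), ntpath.basename(e['Process']).lower())
        groups[key].add(e['Command'].lower())
    return groups

def stable_prefix(commands):
    """Longest prefix shared by every command line in one group."""
    return os.path.commonprefix(sorted(commands))

if __name__ == '__main__':
    for pair, cmds in command_groups(parse_events(SAMPLE)).items():
        print(pair, len(cmds), repr(stable_prefix(cmds)))
```

A group with one distinct command line can be matched exactly; a group with several needs a pattern only after the shared prefix.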
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I think I now understand what you mean. I assumed that because start.exe launched the process, ERP would simply stop monitoring all actions. But apparently if the sandboxed process runs another child process it's still blocked. A bit of a bummer.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, I tried to block software_reporter_tool.exe but something went wrong. How would you block it? Now that I think of it a search option in the Events tab would be nice.
     
  5. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    ^
    A possible way to search Events would be Open Events - View All Logs. Open the last one (or the one you need) by double-clicking it (this would open the editor that is set to handle .log) and then search ;)
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Wait, isn't that program needed to run Chrome?
    Is it an arm of the kraken? Should it be blocked for privacy? :(

    @novirusthanks I forgot to tell you that for about 8 builds the option to change the sound is ignored. I have "C:\Windows\media\Speech Disambiguation.wav" in it but it just uses the old sound.
    Could it not have enough rights? It is running as administrator by default, I assume.
     
    Last edited: Oct 18, 2018
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    Not at all.
     
  9. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Needed to update? It does check if it CAN update the browser, doesn't it?
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hey guys. I want to on-the-fly run SWF files from the Desktop w/o Alerts. That's easily accomplished setting a *Wildcard for path and that's ok. However, since it looks to be path dependent, there are SWF files that run from inside the folders ON the desktop too.

    Is there a way to set ERP 4 Rules where the SWF files within desktop folders raise an Alert and remain confined to ERP's protection?

    In case you're wondering, the Parent process resides in an EXE file that runs the SWFs from the Program Files folder.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, I tried to block it via path and it didn't work, weird. Thanks for the help @ SHvFl.

    Good tip, but it wouldn't solve my problem. Because I still would need to locate it in the Events tab and if you have a long list of entries it can be annoying.

    It's not needed, and I didn't even know it was running until SpyShelter alerted me that it wanted to access my private files.
     
  12. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    There's an option in the settings of Chrome that is related to software_reporter_tool.exe:

    In "Clean up computer":
    Find and remove harmful software
    Chrome can find harmful software on your computer and remove it

    Report details to Google
    Includes information about harmful software, system settings, and processes on your computer

    Also I am a hundred percent sure I deactivated the report a few days ago. Yet it is back on.

    Anyway, sorry for taking over the thread :)
     
  13. Willpower

    Willpower Registered Member

    Joined:
    Jan 3, 2014
    Posts:
    30
    Location:
    Sunny Okanagan, BC Canada
    Hi
    Latest version won't run after install on Win 10 64Bit: 'runtime error 216' at 000000000000
    Anyone got ideas?

    ExeRadar Pro installs and runs great on my XP 32 Bit but no luck on Win 10 64 Bit
     
    Last edited: Oct 22, 2018
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I've just noticed that when you block it, Chrome will run a pseudo process which still allows them to run the tool. This thing is acting like spyware for real.
     
  15. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Wait what? What are you talking about?
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Works and runs fabulous with Vivaldi Browser and 64bit Windows 8+8.1.

    Backup Manager and Export all data a real plus for the rules savings.
     
    Last edited: Oct 29, 2018
  17. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Here is a new v4.0 (pre-release) test31:
    https://downloads.novirusthanks.org/files/exe_radar_pro_4_setup_test31.exe

    *** Please do not share the download link, we will delete it when we release the official v4 ***

    Build 31
    + Added MainMenu to Main Form (empty for now)
    + Backup Manager can now close with ESC key
    + Backup Manager can now delete multiple archives with the DEL key
    + Added Delete button to Backup Manager for those unaware of the DEL key shortcut
    + Fixed archived backups not showing on Backup Manager
    + Double-clicking an archive in the Backup Manager now imports it
    + Fixed Option to change the WAV sound is ignored
    + Improved "Allow Known Safe Process Behaviors"
    + Minor fixes and improvements
     
  18. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello @novirusthanks,

    It seems the Windows 10 version 1809 bug is back (at least on my system) (see post #7299)...
    Is anyone else seeing this?
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    @novirusthanks

    Just fyi cause I know it's Chrome's stupidity with test31:

    chrome's_stupidity.png

    Also tried the previous test30 and it has no warning issues:

    nvt.png
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :D
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    I don't understand what you mean, but it never happened before.
    Btw it happened again with the updated binary installer.
     
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    Using Firefox now and no alerts so far.

    I don't know exactly why Chrome flags it, the executable is digitally signed with both SHA1+SHA256.

    Users reported that after some hours or days the red flag was gone with other builds.

    Does it happen if you copy and paste the link in Chrome's address bar and then press ENTER manually?
     
  24. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello @novirusthanks,
    Thanks for the prompt and speedy fix! All is now working without issue...
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    How does this look as far as establishing every rule in the book? Plus on "Allow Known Safe Process Behaviors", this gets ticked at a later date since even some known processes - I want to know what they are and where they travel from/to.

    f5.jpg
     