Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-02T19:26:25.292 Process scan (postsignatureupdatescan) completed. 2026-02-02T19:30:37.515 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-02T19:40:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T19:55:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T20:10:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T20:25:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T20:40:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T20:55:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T21:10:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T21:25:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T21:40:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T21:55:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T22:10:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T22:25:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T22:41:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T22:56:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T23:09:30.061 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:5759C9F7-DD58-4820-8AE1-DD5C62D5435A, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-02T23:09:30.061 Scheduled scan with Id 5759C9F7-DD58-4820-8AE1-DD5C62D5435A configured CPU priority: normal (LowCpuPriority: 0) 2026-02-02T23:09:30.079 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-02T23:09:30.079 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e 2026-02-02T23:11:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T23:11:14.637 Engine:Triggered AR EMS scan 2026-02-02T23:11:14.706 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.777 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.780 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.802 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.804 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.806 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.814 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.819 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.821 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.822 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.823 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.825 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.827 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.828 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.830 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.831 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.833 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.835 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.836 Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.841 Engine:EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.843 Engine:EMS scan for process: svchost pid: 1796, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.844 Engine:EMS scan for process: svchost pid: 1912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.845 Engine:EMS scan for process: svchost pid: 1960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.847 Engine:EMS scan for process: svchost pid: 2020, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.876 Engine:EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.896 Engine:EMS scan for process: svchost pid: 2068, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.901 Engine:EMS scan for process: svchost pid: 2144, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.904 Engine:EMS scan for process: svchost pid: 2152, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.905 Engine:EMS scan for process: svchost pid: 2340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.906 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.910 Engine:EMS scan for process: svchost pid: 2444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.912 Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.913 Engine:EMS scan for process: svchost pid: 2860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.915 Engine:EMS scan for process: svchost pid: 2948, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.919 Engine:EMS scan for process: svchost pid: 2632, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.922 Engine:EMS scan for process: svchost pid: 3268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.926 Engine:EMS scan for process: svchost pid: 3308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.933 Engine:EMS scan for process: svchost pid: 3316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:14.935 Engine:EMS scan for process: services pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.003 Engine:EMS scan for process: svchost pid: 3356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.006 Engine:EMS scan for process: svchost pid: 3364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.011 Engine:EMS scan for process: svchost pid: 3376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.013 Engine:EMS scan for process: svchost pid: 3384, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.016 Engine:EMS scan for process: svchost pid: 3392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.018 Engine:EMS scan for process: svchost pid: 3400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.019 Engine:EMS scan for process: svchost pid: 3408, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.021 Engine:EMS scan for process: svchost pid: 3416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.022 Engine:EMS scan for process: svchost pid: 3584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.023 Engine:EMS scan for process: svchost pid: 4148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.027 Engine:EMS scan for process: svchost pid: 4320, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.032 Engine:EMS scan for process: svchost pid: 4396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.035 Engine:EMS scan for process: svchost pid: 4568, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.037 Engine:EMS scan for process: svchost pid: 5448, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.039 Engine:EMS scan for process: dllhost pid: 2480, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.040 Engine:EMS scan for process: svchost pid: 7148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.042 Engine:EMS scan for process: svchost pid: 1356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.044 Engine:EMS scan for process: svchost pid: 1084, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.046 Engine:EMS scan for process: svchost pid: 6444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.049 Engine:EMS scan for process: svchost pid: 1924, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.051 Engine:EMS scan for process: svchost pid: 7616, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.053 Engine:EMS scan for process: svchost pid: 7768, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.060 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.062 Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.066 Engine:EMS scan for process: svchost pid: 8332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.070 Engine:EMS scan for process: svchost pid: 8168, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.072 Engine:EMS scan for process: svchost pid: 7980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.075 Engine:EMS scan for process: svchost pid: 7700, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.077 Engine:EMS scan for process: svchost pid: 12000, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.079 Engine:EMS scan for process: svchost pid: 7692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.083 Engine:EMS scan for process: svchost pid: 13524, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.089 Engine:EMS scan for process: dllhost pid: 12048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.090 Engine:EMS scan for process: dllhost pid: 13580, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.091 Engine:EMS scan for process: svchost pid: 8420, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.095 Engine:EMS scan for process: svchost pid: 4716, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.101 Engine:EMS scan for process: explorer pid: 8660, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.176 Engine:EMS scan for process: svchost pid: 13208, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.180 Engine:EMS scan for process: svchost pid: 14548, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.186 Engine:EMS scan for process: explorer pid: 13548, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.216 Engine:EMS scan for process: svchost pid: 7696, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.217 Engine:EMS scan for process: svchost pid: 12648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.219 Engine:EMS scan for process: svchost pid: 8216, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.220 Engine:EMS scan for process: svchost pid: 11760, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.223 Engine:EMS scan for process: explorer pid: 12260, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.268 Engine:EMS scan for process: svchost pid: 7244, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.271 Engine:EMS scan for process: svchost pid: 12008, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-02T23:11:15.276 Engine:EMS scan for process: svchost pid: 12828, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 Internal signature match:subtype=Lowfi, sigseq=0x0000F0E76AA58578, sigsha=2d500211ee909e588915002102105fab95e4f2e9, cached=false, source=0, resourceid=0x5b3c3c01 Internal signature match:subtype=Lowfi, sigseq=0x0000F0E76AA58578, sigsha=2d500211ee909e588915002102105fab95e4f2e9, cached=false, source=0, resourceid=0x22d01e50 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-02T23:15:29.909 QuickScan:ScanID:5759C9F7-DD58-4820-8AE1-DD5C62D5435A: Quick scan finished with error 0 2026-02-02T23:15:30.506 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-02T23:15:30.506 [RTP] Duplicating the current plugin configuration object... 2026-02-02T23:15:30.506 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-02T23:15:30.506 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-02T23:15:30.506 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-02T23:15:30.506 [RTP] No config change detected. Not updating plugin configuration. 2026-02-02T23:15:30.506 [RTP] No config changes found. No configuration switch. 2026-02-02T23:15:30.520 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-02T23:26:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T23:41:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-02T23:56:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T00:11:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T00:26:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T00:41:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T00:56:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T01:11:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T01:26:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T01:42:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T01:57:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T02:12:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T02:27:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T02:42:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T02:57:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T03:12:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T03:27:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T03:42:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T03:57:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T04:12:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T04:27:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T04:43:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T04:58:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T05:13:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T05:28:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T05:43:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T05:58:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T06:13:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T06:28:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T06:43:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T06:58:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T07:13:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T07:28:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T07:44:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T07:59:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T08:14:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T08:29:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T08:44:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T08:58:34.589 [AutoPurge] Verification Routine tasks have started. 2026-02-03T08:58:34.589 [AutoPurge] Cleanup Routine tasks have started. 2026-02-03T08:58:34.589 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-03T08:58:34.590 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-03T08:58:34.590 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-03T08:58:34.590 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-03T08:58:34.590 [AutoPurge] MpSignalMaintenanceMode ...ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-03T08:58:35.723 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-03T08:58:35.724 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-03T08:58:35.732 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-03-2026 08:58:35 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-03-2026 08:58:35 2026-02-03T08:58:35.884 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-03T08:58:35.884 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-03T08:58:35.884 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-03T08:58:35.884 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-03T08:58:35.892 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-03T08:58:35.892 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-03T08:58:36.322 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-03T08:58:36.434 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-03T08:58:36.435 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-03T08:58:36.445 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-03T08:58:36.461 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-03T08:58:36.472 [AutoPurge] Removing expired default signature package ... 2026-02-03T08:58:36.872 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-03T08:58:38.990 Job Notification: New process added to job (4440) 2026-02-03T08:58:42.491 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-03T08:58:45.191 Job Notification: Process exited from job (4440) 2026-02-03T08:58:45.703 [AutoPurge] Verification Routine tasks have ended. 2026-02-03T08:58:47.096 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-03T08:58:47.802 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-03T08:58:48.083 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-03T08:58:51.166 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-03T08:58:51.901 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-03T08:58:55.514 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\winsxs\amd64_microsoft-windows-mtf_31bf3856ad364e35_10.0.17763.7919_none_f5cf7ad52d5df808\mtf.dll", hr=0x0 2026-02-03T08:58:57.798 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-03T08:59:06.585 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-03T08:59:07.007 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-03T08:59:07.138 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-03T08:59:10.498 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-03T08:59:11.429 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-03T08:59:11.538 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-03T08:59:12.015 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-03T08:59:12.688 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-03T08:59:13.562 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-03T08:59:19.697 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-03T08:59:23.821 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-03T08:59:23.984 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-03T08:59:24.066 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-03T08:59:25.277 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\winsxs\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.17763.1697_none_e1e870c05edca249\wlrmdr.exe", hr=0x0 2026-02-03T08:59:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T08:59:27.413 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-03T08:59:28.894 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-03T08:59:29.623 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-03T08:59:30.081 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-03T08:59:30.131 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-03T08:59:30.482 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-03T08:59:31.670 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-03T08:59:33.242 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-03T08:59:34.640 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-03T08:59:35.384 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-03T08:59:35.821 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-03T08:59:35.978 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-03T08:59:36.323 Engine:Setting original file name "msfltr32.acm" for "c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7\msacm32.dll", hr=0x0 2026-02-03T08:59:37.579 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-03T08:59:38.866 Engine:Setting original file name "gdi32" for "c:\windows\syswow64\gdi32full.dll", hr=0x0 2026-02-03T08:59:41.298 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-03T08:59:45.097 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-03T08:59:46.340 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 2026-02-03T08:59:47.294 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-03T08:59:47.774 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-03T08:59:48.584 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-03T08:59:48.707 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-03T08:59:49.089 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-03T08:59:49.669 Engine:Setting original file name "osloader.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winload.exe", hr=0x0 2026-02-03T08:59:52.208 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-03T08:59:52.673 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-03T08:59:52.712 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-03T08:59:54.913 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-03T08:59:56.564 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-03T08:59:57.675 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-03T08:59:57.890 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-03T08:59:58.670 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-03T09:00:00.680 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-03T09:00:01.269 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-03T09:00:02.302 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-03T09:00:04.384 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-03T09:00:04.711 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-03T09:00:04.854 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-03T09:00:06.388 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-03T09:00:10.015 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-03T09:00:10.101 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-03T09:00:11.120 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-03T09:00:12.274 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-03T09:00:12.689 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-03T09:00:13.052 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-03T09:00:13.223 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-03T09:00:13.365 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-03T09:00:13.996 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-03T09:00:14.298 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-03T09:00:15.926 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-03T09:00:18.303 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-03T09:00:19.476 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-03T09:00:19.640 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-03T09:00:19.892 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-03T09:00:19.930 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-03T09:00:20.344 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-03T09:00:21.133 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-03T09:00:23.112 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 2026-02-03T09:00:25.422 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-03T09:00:26.018 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-03T09:00:26.921 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-03T09:00:29.405 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-03T09:00:30.866 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-03T09:00:31.225 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-03T09:00:31.391 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-03T09:00:32.165 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-03T09:00:33.277 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-03T09:00:34.206 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-03T09:00:34.670 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-03T09:00:35.629 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-03T09:00:35.775 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-03T09:00:37.535 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-03T09:00:38.864 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-03T09:00:40.286 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-03T09:00:40.337 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-03T09:00:42.148 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-03T09:00:44.527 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-03T09:00:46.571 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-03T09:00:48.146 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-03T09:00:49.805 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-03T09:00:49.829 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-03T09:00:51.467 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-03T09:00:51.790 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-03T09:00:51.804 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-03T09:00:52.016 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-03T09:00:53.354 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-03T09:00:55.054 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-03T09:00:59.343 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-03T09:00:59.839 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-03T09:01:03.082 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-03T09:01:03.146 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-03T09:01:03.365 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-03T09:01:05.593 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-03T09:01:06.344 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-03T09:01:08.947 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-03T09:01:09.109 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-03T09:01:09.583 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-03T09:01:09.923 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-03T09:01:10.453 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-03T09:01:11.597 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-03T09:01:15.279 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-03T09:01:15.984 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-03T09:01:17.255 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-03T09:01:17.952 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-03T09:01:19.128 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-03T09:01:19.701 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-03T09:01:22.471 Engine:Setting original file name "security.dll" for "c:\windows\syswow64\sspicli.dll", hr=0x0 2026-02-03T09:01:24.069 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-03T09:01:26.018 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-03T09:01:26.550 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-03T09:01:30.003 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-03T09:01:31.257 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-03T09:01:32.599 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-03T09:01:32.681 Engine:Setting original file name "user32" for "c:\windows\system32\user32.dll", hr=0x0 2026-02-03T09:01:32.692 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-03T09:01:34.972 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-03T09:01:36.399 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-03T09:01:37.907 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-03T09:01:38.183 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-03T09:01:38.719 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-03T09:01:38.855 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-03T09:01:39.499 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\x86_netfx4-mscoree_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_d337c9373f0e13b8\mscoree.tlb", hr=0x0 2026-02-03T09:01:46.611 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-03T09:01:47.053 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-03T09:01:48.297 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-03T09:01:50.595 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-03T09:01:51.002 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-03T09:01:51.995 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-03T09:01:53.825 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-03T09:01:54.233 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-03T09:01:54.797 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-03T09:01:56.011 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-03T09:01:58.000 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-03T09:01:58.585 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-03T09:01:58.675 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-03T09:01:58.797 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-03T09:01:58.879 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-03T09:02:00.013 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-03T09:02:00.108 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-03T09:02:00.772 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-03T09:02:03.077 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-03T09:02:03.401 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-03T09:02:04.112 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-03T09:02:04.841 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-03T09:02:05.695 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-03T09:02:08.825 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-03T09:02:10.056 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-03T09:02:10.370 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-03T09:02:11.064 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-03T09:02:11.350 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-03T09:02:13.785 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-03T09:02:14.131 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-03T09:02:18.063 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-03T09:02:18.525 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-03T09:02:19.021 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-03T09:02:19.358 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-03T09:02:19.877 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-03T09:02:20.341 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-03T09:02:21.209 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-03T09:02:25.965 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-03T09:02:26.832 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-03T09:02:26.841 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 2026-02-03T09:02:27.992 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-03T09:02:28.224 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-03T09:02:29.099 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-03T09:02:32.629 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\syswow64\appventsubsystems32.dll", hr=0x0 2026-02-03T09:02:32.935 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-03T09:02:34.807 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-03T09:02:35.638 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-03T09:02:35.846 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-03T09:02:36.023 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-03T09:02:36.179 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-03T09:02:36.219 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-03T09:02:38.980 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-03T09:02:39.573 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-03T09:02:39.616 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-03T09:02:39.775 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\system32\appventsubsystems64.dll", hr=0x0 2026-02-03T09:02:40.066 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-03T09:02:41.144 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-03T09:02:41.267 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-03T09:02:42.167 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-03T09:02:44.122 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-03T09:02:44.347 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-03T09:02:45.751 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-03T09:02:47.937 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-03T09:02:49.623 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-03T09:02:49.873 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-03T09:02:51.097 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-03T09:02:51.184 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-03T09:02:52.566 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-03T09:02:53.739 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-03T09:02:53.929 Engine:Setting original file name "WMIC.exe" for "c:\windows\winsxs\wow64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.17763.1_none_9cc4699659612012\wmic.exe", hr=0x0 2026-02-03T09:02:54.230 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-03T09:02:56.328 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-03T09:02:56.988 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-03T09:02:57.292 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-03T09:02:58.398 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-03T09:02:59.928 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-03T09:03:02.056 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-03T09:03:02.726 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-03T09:03:03.128 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-03T09:03:04.380 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\winsxs\wow64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.17763.2145_none_9b5bd494641118e6\devobj.dll", hr=0x0 2026-02-03T09:03:04.438 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-03T09:03:08.724 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-03T09:03:09.419 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-03T09:03:10.969 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-03T09:03:11.781 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-03T09:03:12.868 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-03T09:03:14.372 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-03T09:03:15.258 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.110\installer\chrmstp.exe", hr=0x0 2026-02-03T09:03:18.838 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-03T09:03:19.226 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-03T09:03:19.721 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-03T09:03:20.422 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-03T09:03:20.825 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-03T09:03:24.289 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-03T09:03:24.845 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-03T09:03:26.183 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-03T09:03:26.947 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-03T09:03:27.292 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-03T09:03:28.645 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-03T09:03:29.111 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-03T09:03:30.101 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-03T09:03:30.497 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-03T09:03:35.051 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-03T09:03:37.458 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-03T09:03:38.163 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.17763.1_en-us_c2c2ce7a9a17fba3\tstheme.exe.mui", hr=0x0 2026-02-03T09:03:40.570 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-03T09:03:40.718 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-03T09:03:41.128 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-03T09:03:42.195 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-03T09:03:42.417 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-03T09:03:42.530 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-03T09:03:47.114 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-03T09:03:47.129 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-03T09:03:47.458 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-03T09:03:50.969 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-03T09:03:51.267 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-03T09:03:52.576 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-03T09:03:53.555 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-03T09:03:53.821 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-03T09:03:54.902 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-03T09:03:55.499 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-03T09:03:55.827 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-03T09:03:56.270 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-03T09:03:59.096 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-03T09:04:01.254 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-03T09:04:01.935 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-03T09:04:02.272 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-03T09:04:02.870 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-03T09:04:03.057 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-03T09:04:04.243 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-03T09:04:06.215 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-03T09:04:13.991 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-03T09:04:14.582 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-03T09:04:15.374 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-03T09:04:15.779 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-03T09:04:16.572 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-03T09:04:18.468 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-03T09:04:18.551 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-03T09:04:18.612 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-03T09:04:23.337 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-03T09:04:24.503 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 2026-02-03T09:04:24.879 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-03T09:04:25.072 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-03T09:04:27.858 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-03T09:04:28.090 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-03T09:04:28.196 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-03T09:04:28.875 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-03T09:04:29.193 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-03T09:04:29.806 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-03T09:04:30.157 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\system32\sgrmenclave_secure.dll", hr=0x0 2026-02-03T09:04:33.275 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-03T09:04:36.786 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-03T09:04:37.414 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-03T09:04:37.820 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-03T09:04:38.096 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-03T09:04:39.036 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-03T09:04:39.863 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-03T09:04:42.775 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-03T09:04:46.129 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-03T09:04:46.649 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-03T09:04:47.141 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-03T09:04:47.312 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-03T09:04:48.295 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-03T09:04:49.253 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-03T09:04:50.519 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-03T09:04:51.449 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-03T09:04:51.526 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-03T09:04:52.017 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-03T09:04:52.605 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-03T09:04:52.627 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-03T09:04:52.671 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-03T09:04:57.238 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l2-1-0.dll", hr=0x0 2026-02-03T09:04:57.334 OriginalFileName Maintenance::8823 files in Moac, 0 skipped (cached), 318 filename set 2026-02-03T09:04:57.334 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-03T09:13:56.017 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-03T09:13:56.129 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-03T09:13:56.129 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-03T09:13:56.129 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-03T09:13:56.129 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-03T09:13:56.251 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-03T09:13:56.251 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-03T09:13:56.251 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-03T09:13:56.251 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-03T09:13:56.251 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-03T09:13:56.251 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-03T09:13:56.251 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-03T09:13:56.251 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-03T09:13:56.251 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-03T09:13:56.257 [NRI] Stopping NIS service ... 2026-02-03T09:13:56.257 [NRI] Stopping NIS service ... 2026-02-03T09:13:56.258 [NRI] Stopping NIS service ... 2026-02-03T09:13:56.258 [NRI] Stopping NIS service ... 2026-02-03T09:13:56.259 [NRI] Stopping NIS service ... 2026-02-03T09:13:58.632 [RTP] Duplicating the current plugin configuration object... 2026-02-03T09:13:58.632 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-03T09:13:58.632 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-03T09:13:58.632 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-03T09:13:58.632 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-03T09:13:58.679 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-03T09:14:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T09:29:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T09:44:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T09:59:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T10:14:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T10:29:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T10:45:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T11:00:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T11:15:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T11:30:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T11:45:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T12:00:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T12:15:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T12:30:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T12:45:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T13:00:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T13:15:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T13:30:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T13:46:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T14:01:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T14:16:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T14:31:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T14:46:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T15:01:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T15:16:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T15:31:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T15:46:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T16:01:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T16:16:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T16:31:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T16:47:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T17:02:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T17:17:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T17:32:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T17:47:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T18:02:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T18:17:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T18:32:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T18:47:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T19:02:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T19:17:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T19:23:55.386 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-03T19:23:55.387 Job Notification: New process added to job (12152) 2026-02-03T19:23:55.389 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-03T19:23:55.390 Aggressive catchup quick scan threshold: 728653103223 / 25920000000000 2026-02-03T19:23:55.418 Job Notification: New process added to job (5132) 2026-02-03T19:23:55.433 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:12152] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:5132]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-03T19:23:55.551 Job Notification: New process added to job (7672) 2026-02-03T19:23:55.552 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-03T19:23:55.553 Job Notification: New process added to job (18028) 2026-02-03T19:23:55.557 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:7672] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:18028]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-03T19:23:55.894 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-03T19:23:55.894 [RTP] Duplicating the current plugin configuration object... 2026-02-03T19:23:55.894 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-03T19:23:55.894 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-03T19:23:55.894 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-03T19:23:55.894 [RTP] No config change detected. Not updating plugin configuration. 2026-02-03T19:23:55.894 [RTP] No config changes found. No configuration switch. 2026-02-03T19:23:55.894 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-03T19:24:50.221 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\5672D40A-BFCD-4447-A2AC-251FA7A9F8D5253c.1dc9542c1340765 2026-02-03T19:24:50.479 Verifying engine and signature files (source: 0) ... 2026-02-03T19:24:50.479 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpengine.dll] due to PPL. 2026-02-03T19:24:50.479 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpasbase.vdm] (file in cache) 2026-02-03T19:24:50.480 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-03T19:24:50.507 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpasdlta.vdm] 2026-02-03T19:24:50.507 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpavbase.vdm] (file in cache) 2026-02-03T19:24:50.507 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-03T19:24:50.532 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpavdlta.vdm] 2026-02-03T19:24:50.780 [Engine] IsHybridMode: 0 2026-02-03T19:24:50.805 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-03T19:24:50.921 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD3A81021DFAD838CB50E03C1FDAD5474198A09B.bin): 0x00000002 2026-02-03T19:24:50.922 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD3A81021DFAD838CB50E03C1FDAD5474198A09B.bin) 2026-02-03T19:24:50.922 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-03T19:24:50.922 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-03T19:24:50.922 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-03T19:24:50.922 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-03T19:25:11.831 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-03T19:25:11.842 [AutoExclusion] Applied roles from cache. 2026-02-03T19:25:11.842 [AutoExclusion] Started roles monitoring. IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportError ECS value=MpFC_SupportThreatActionDetectionOnly hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-03T19:25:11.892 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FF915216240, lRefCount: 5, hr=0 2026-02-03T19:25:11.902 [Engine] New active engine 00007FF926446240 replacing engine 00007FF915216240. Number of active engines: 2 2026-02-03T19:25:11.920 EngineInit:Global ASOC is enabled 2026-02-03T19:25:11.920 EngineInit:ASOO is enabled for developer volumes 2026-02-03T19:25:12.087 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-03T19:25:12.087 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.088 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-03T19:25:12.088 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-03T19:25:12.089 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-03T19:25:12.089 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.089 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.090 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.090 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-03T19:25:12.090 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.091 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-03T19:25:12.091 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.091 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.092 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.092 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.092 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.093 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.093 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.093 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-03T19:25:12.113 MpWriteUupSignatureVersion 1.443.990.0, hr = 0 2026-02-03T19:25:12.114 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-03T19:25:12.122 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-03T19:25:12.123 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-03T19:25:12.123 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-03T19:25:12.123 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-03T19:25:12.133 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-03T19:25:12.133 [Plugin] Initializing RTP plugin state... 2026-02-03T19:25:12.133 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-03T19:25:12.133 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎02‎-‎2026 22:25:38 Last Perf:‎02‎-‎02‎-‎2026 22:25:37 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,1,0 Proc:0,1,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,3,0 SetEngine:1,1,0 SetState:0,1,0 SetUser:0,0,0 Config:0,2,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:280640 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:256020 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:3129 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:-1541743202 TotalHits:0 InstanceCacheInserts:200599 InstanceCacheUpdates:0 InstanceCacheDeletes:70900 InstanceCacheHits:3069 InstanceCacheMisses:1440881 InstanceCacheOverflows:125243 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-03T19:25:12.133 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1} 2026-02-03T19:25:12.133 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F5F6786-5D8D-46F7-8DC4-718C4984D44C}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F5F6786-5D8D-46F7-8DC4-718C4984D44C}\mpasbase.vdm in use, hr=0x80070020 2026-02-03T19:25:12.133 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-03T19:25:12.143 [SCC][CID=4408205765_15240] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-03T19:25:12.143 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.143 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.143 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.143 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.143 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-03-2026 19:25:12 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-03-2026 19:25:12 2026-02-03T19:25:12.145 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-03T19:25:12.145 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-03T19:25:12.146 [NRI] Stopping NIS service ... 2026-02-03T19:25:12.146 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.146 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.147 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.147 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-03T19:25:12.147 MdCoreSvc is supported in this platform and OS Signature updated on 02-03-2026 19:25:12 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.990.0 AV Signature Version: 1.443.990.0 ************************************************************ 2026-02-03T19:25:12.149 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-03T19:25:12.149 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\5672D40A-BFCD-4447-A2AC-251FA7A9F8D5253c.1dc9542c1340765 2026-02-03T19:25:12.151 Process scan (postsignatureupdatescan) started. 2026-02-03T19:25:12.165 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-03T19:25:12.165 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-03T19:25:12.260 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-03T19:25:12.260 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-03T19:25:12.260 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-03T19:25:12.260 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-03T19:25:12.260 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-03T19:25:12.373 [Engine] Engine 00007FF915216240 no longer in use. Number of active engines: 1 2026-02-03T19:25:12.373 [RTP] [RTP] FilterCommunicator object 0x00000200AE3185E0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-03T19:25:12.618 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b IDynamicConfig::ReportChange value=MpFC_EnableCommonMetricsEvents new=0 old1 IDynamicConfig::ReportChange value=MpDisableBmHealthOneDsEvent new=False oldTrue IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportError ECS value=MpFC_SupportThreatActionDetectionOnly hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-03T19:25:12.622 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-03T19:25:12.622 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-03T19:25:12.622 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-03T19:25:12.622 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-03T19:25:12.622 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-03T19:25:12.622 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-03T19:25:12.624 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-03T19:25:12.624 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-03T19:25:12.624 [RTP] Duplicating the current plugin configuration object... 2026-02-03T19:25:12.624 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-03T19:25:12.624 [RTP] Updating plugin configuration due to recent config changes (0x22) ... 2026-02-03T19:25:12.624 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-03T19:25:12.624 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-03T19:25:12.624 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-03T19:25:12.624 [RTP] No config change detected. Not updating plugin configuration. 2026-02-03T19:25:12.624 [RTP] No config changes found. No configuration switch. 2026-02-03T19:25:12.624 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x22, Changed: 0 2026-02-03T19:25:12.624 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-03T19:25:12.624 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-03T19:25:12.624 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-03T19:25:12.624 [NRI] Stopping NIS service ... 2026-02-03T19:25:12.624 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-03T19:25:12.624 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-03T19:25:12.624 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-03T19:25:12.624 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-03T19:25:12.624 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-03T19:25:12.625 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-03T19:25:12.625 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-03T19:25:12.625 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-03T19:25:12.625 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-03T19:25:12.625 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-03T19:25:12.625 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-03T19:25:12.625 [NRI] Stopping NIS service ... 2026-02-03T19:25:12.626 [NRI] Stopping NIS service ... 2026-02-03T19:25:12.626 [NRI] Stopping NIS service ... 2026-02-03T19:25:12.627 [NRI] Stopping NIS service ... Signature updated via MicrosoftUpdateServer on 02-03-2026 19:25:12 ************************************************************ 2026-02-03T19:25:13.313 Job Notification: Process exited from job (12152) 2026-02-03T19:25:13.314 Job Notification: Process exited from job (5132) 2026-02-03T19:25:13.654 Job Notification: Process exited from job (7672) 2026-02-03T19:25:13.656 Job Notification: Process exited from job (18028) 2026-02-03T19:25:15.127 [RTP] Duplicating the current plugin configuration object... 2026-02-03T19:25:15.127 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-03T19:25:15.127 [RTP] Updating plugin configuration due to recent config changes (0x40c) ... 2026-02-03T19:25:15.127 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-03T19:25:15.127 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x40c, Changed: 0x218 2026-02-03T19:25:23.083 [Engine] RSIG_UNLOADENGINE, 00007FF915216240, err=0x0 2026-02-03T19:25:23.168 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F5F6786-5D8D-46F7-8DC4-718C4984D44C} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-03T19:25:54.988 Process scan (postsignatureupdatescan) completed. 2026-02-03T19:30:12.062 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-03T19:32:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T19:48:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T20:03:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T20:18:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T20:33:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T20:48:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T21:03:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T21:18:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T21:33:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T21:48:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T22:03:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T22:18:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T22:33:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T22:49:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T23:04:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T23:09:30.187 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:90033A78-EBA4-4362-8642-E0B58C94BC75, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-03T23:09:30.187 Scheduled scan with Id 90033A78-EBA4-4362-8642-E0B58C94BC75 configured CPU priority: normal (LowCpuPriority: 0) 2026-02-03T23:09:30.254 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-03T23:09:30.254 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e 2026-02-03T23:11:37.330 Engine:Triggered AR EMS scan 2026-02-03T23:11:37.341 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.436 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.438 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.451 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.452 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.454 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.460 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.464 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.466 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.468 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.469 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.470 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.471 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.472 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.473 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.475 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.476 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.479 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.480 Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.485 Engine:EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.486 Engine:EMS scan for process: svchost pid: 1796, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.487 Engine:EMS scan for process: svchost pid: 1912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.489 Engine:EMS scan for process: svchost pid: 1960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.491 Engine:EMS scan for process: svchost pid: 2020, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.499 Engine:EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.510 Engine:EMS scan for process: svchost pid: 2068, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.514 Engine:EMS scan for process: svchost pid: 2144, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.517 Engine:EMS scan for process: svchost pid: 2152, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.519 Engine:EMS scan for process: svchost pid: 2340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.520 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.525 Engine:EMS scan for process: svchost pid: 2444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.526 Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.541 Engine:EMS scan for process: svchost pid: 2860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.542 Engine:EMS scan for process: svchost pid: 2948, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.546 Engine:EMS scan for process: svchost pid: 2632, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.563 Engine:EMS scan for process: svchost pid: 3268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.567 Engine:EMS scan for process: svchost pid: 3308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.569 Engine:EMS scan for process: svchost pid: 3316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.573 Engine:EMS scan for process: services pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.686 Engine:EMS scan for process: svchost pid: 3356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.690 Engine:EMS scan for process: svchost pid: 3364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.695 Engine:EMS scan for process: svchost pid: 3376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.698 Engine:EMS scan for process: svchost pid: 3384, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.701 Engine:EMS scan for process: svchost pid: 3392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.703 Engine:EMS scan for process: svchost pid: 3400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.704 Engine:EMS scan for process: svchost pid: 3408, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.705 Engine:EMS scan for process: svchost pid: 3416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.706 Engine:EMS scan for process: svchost pid: 3584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.708 Engine:EMS scan for process: svchost pid: 4148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.711 Engine:EMS scan for process: svchost pid: 4320, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.717 Engine:EMS scan for process: svchost pid: 4396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.719 Engine:EMS scan for process: svchost pid: 4568, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.722 Engine:EMS scan for process: svchost pid: 5448, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.738 Engine:EMS scan for process: dllhost pid: 2480, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.739 Engine:EMS scan for process: svchost pid: 7148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.741 Engine:EMS scan for process: svchost pid: 1356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.742 Engine:EMS scan for process: svchost pid: 1084, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.745 Engine:EMS scan for process: svchost pid: 6444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.747 Engine:EMS scan for process: svchost pid: 1924, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.748 Engine:EMS scan for process: svchost pid: 7616, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.750 Engine:EMS scan for process: svchost pid: 7768, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.758 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.761 Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.764 Engine:EMS scan for process: svchost pid: 8332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.780 Engine:EMS scan for process: svchost pid: 8168, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.782 Engine:EMS scan for process: svchost pid: 7980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.785 Engine:EMS scan for process: svchost pid: 7700, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.787 Engine:EMS scan for process: svchost pid: 12000, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.790 Engine:EMS scan for process: svchost pid: 7692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.793 Engine:EMS scan for process: svchost pid: 13524, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.799 Engine:EMS scan for process: dllhost pid: 12048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.801 Engine:EMS scan for process: dllhost pid: 13580, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.802 Engine:EMS scan for process: svchost pid: 8420, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.806 Engine:EMS scan for process: svchost pid: 4716, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.811 Engine:EMS scan for process: explorer pid: 8660, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.856 Engine:EMS scan for process: svchost pid: 13208, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.861 Engine:EMS scan for process: svchost pid: 14548, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.866 Engine:EMS scan for process: explorer pid: 13548, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.881 Engine:EMS scan for process: svchost pid: 7696, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.884 Engine:EMS scan for process: svchost pid: 12648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.886 Engine:EMS scan for process: svchost pid: 8216, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.887 Engine:EMS scan for process: explorer pid: 12260, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.903 Engine:EMS scan for process: svchost pid: 7244, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.906 Engine:EMS scan for process: svchost pid: 12008, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.911 Engine:EMS scan for process: svchost pid: 12904, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.913 Engine:EMS scan for process: svchost pid: 10416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-03T23:11:37.916 Engine:EMS scan for process: svchost pid: 9460, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-03T23:15:46.822 QuickScan:ScanID:90033A78-EBA4-4362-8642-E0B58C94BC75: Quick scan finished with error 0 2026-02-03T23:15:47.382 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-03T23:15:47.382 [RTP] Duplicating the current plugin configuration object... 2026-02-03T23:15:47.382 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-03T23:15:47.382 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-03T23:15:47.382 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-03T23:15:47.382 [RTP] No config change detected. Not updating plugin configuration. 2026-02-03T23:15:47.382 [RTP] No config changes found. No configuration switch. 2026-02-03T23:15:47.382 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-03T23:19:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T23:34:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-03T23:49:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T00:04:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T00:19:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T00:34:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T00:49:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T01:04:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T01:19:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T01:34:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T01:50:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T02:05:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T02:20:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T02:35:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T02:50:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T03:05:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T03:20:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T03:35:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T03:50:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T04:05:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T04:20:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T04:35:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T04:51:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T05:06:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T05:21:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T05:36:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T05:51:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T06:06:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T06:21:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T06:36:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T06:51:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T07:06:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T07:21:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T07:36:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T07:52:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T08:07:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T08:22:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T08:37:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T08:52:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T09:07:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T09:22:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T09:37:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T09:52:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T10:07:45.388 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T10:22:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T10:37:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T10:53:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T10:56:15.991 [AutoPurge] Verification Routine tasks have started. 2026-02-04T10:56:15.991 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-04T10:56:15.992 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-04T10:56:15.992 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-04T10:56:15.992 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-04T10:56:15.992 [AutoPurge] MpSignalMaintenanceMode ...ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-04T10:56:15.999 [AutoPurge] Cleanup Routine tasks have started. 2026-02-04T10:56:17.031 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-04T10:56:17.031 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-04T10:56:17.050 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-04-2026 10:56:17 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-04-2026 10:56:17 2026-02-04T10:56:17.377 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-04T10:56:17.377 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-04T10:56:17.377 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-04T10:56:17.377 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-04T10:56:17.378 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-04T10:56:17.378 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-04T10:56:18.652 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-04T10:56:18.653 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-04T10:56:18.662 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-04T10:56:18.663 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-04T10:56:18.733 [AutoPurge] Removing expired default signature package ... 2026-02-04T10:56:20.550 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-04T10:56:20.811 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-04T10:56:26.499 Job Notification: New process added to job (18064) 2026-02-04T10:56:29.295 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-04T10:56:37.325 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-04T10:56:38.203 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-04T10:56:38.755 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-04T10:56:40.040 Job Notification: Process exited from job (18064) 2026-02-04T10:56:40.865 [AutoPurge] Verification Routine tasks have ended. 2026-02-04T10:56:43.488 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-04T10:56:43.984 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-04T10:56:48.538 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\winsxs\amd64_microsoft-windows-mtf_31bf3856ad364e35_10.0.17763.7919_none_f5cf7ad52d5df808\mtf.dll", hr=0x0 2026-02-04T10:56:50.779 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-04T10:56:59.990 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-04T10:57:00.332 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-04T10:57:00.615 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-04T10:57:03.571 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-04T10:57:04.234 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-04T10:57:04.330 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-04T10:57:05.101 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-04T10:57:05.544 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-04T10:57:06.492 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-04T10:57:12.244 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-04T10:57:16.266 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-04T10:57:16.423 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-04T10:57:16.514 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-04T10:57:17.486 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\system32\wlrmdr.exe", hr=0x0 2026-02-04T10:57:19.323 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-04T10:57:20.755 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-04T10:57:21.383 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-04T10:57:21.735 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-04T10:57:21.754 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-04T10:57:22.010 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-04T10:57:23.003 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-04T10:57:24.247 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-04T10:57:25.608 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-04T10:57:26.235 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-04T10:57:26.893 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-04T10:57:27.017 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-04T10:57:27.427 Engine:Setting original file name "msfltr32.acm" for "c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7\msacm32.dll", hr=0x0 2026-02-04T10:57:28.583 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-04T10:57:29.599 Engine:Setting original file name "gdi32" for "c:\windows\syswow64\gdi32full.dll", hr=0x0 2026-02-04T10:57:32.944 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-04T10:57:36.419 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-04T10:57:37.476 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 2026-02-04T10:57:38.198 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-04T10:57:38.457 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-04T10:57:39.339 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-04T10:57:39.430 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-04T10:57:39.800 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-04T10:57:40.486 Engine:Setting original file name "osloader.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winload.exe", hr=0x0 2026-02-04T10:57:42.816 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-04T10:57:43.369 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-04T10:57:43.391 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-04T10:57:45.733 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-04T10:57:47.252 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-04T10:57:48.503 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-04T10:57:48.770 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-04T10:57:49.590 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-04T10:57:51.302 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-04T10:57:51.672 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-04T10:57:53.006 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-04T10:57:55.296 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-04T10:57:55.507 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-04T10:57:55.616 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-04T10:57:57.116 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-04T10:58:00.879 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-04T10:58:00.943 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-04T10:58:02.095 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-04T10:58:02.891 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-04T10:58:03.336 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-04T10:58:03.641 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-04T10:58:03.794 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-04T10:58:03.916 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-04T10:58:04.400 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-04T10:58:04.786 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-04T10:58:06.138 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-04T10:58:07.869 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-04T10:58:08.606 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-04T10:58:08.745 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-04T10:58:08.901 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-04T10:58:08.938 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-04T10:58:09.039 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-04T10:58:09.515 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-04T10:58:11.558 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 2026-02-04T10:58:13.160 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-04T10:58:13.505 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-04T10:58:14.316 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-04T10:58:16.248 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-04T10:58:17.581 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-04T10:58:17.766 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-04T10:58:17.850 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-04T10:58:18.634 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-04T10:58:19.330 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-04T10:58:20.059 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-04T10:58:20.344 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-04T10:58:21.123 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-04T10:58:21.255 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-04T10:58:22.521 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-04T10:58:23.577 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-04T10:58:24.669 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-04T10:58:24.709 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-04T10:58:25.965 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-04T10:58:28.181 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-04T10:58:29.745 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-04T10:58:31.157 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-04T10:58:32.452 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-04T10:58:32.466 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-04T10:58:33.478 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-04T10:58:33.733 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-04T10:58:33.748 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-04T10:58:33.989 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-04T10:58:35.169 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-04T10:58:36.489 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-04T10:58:40.052 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-04T10:58:40.586 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-04T10:58:44.100 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-04T10:58:44.147 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-04T10:58:44.413 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-04T10:58:46.295 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-04T10:58:47.286 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-04T10:58:49.771 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-04T10:58:49.944 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-04T10:58:50.266 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-04T10:58:50.574 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-04T10:58:51.179 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-04T10:58:52.391 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-04T10:58:55.756 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-04T10:58:56.506 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-04T10:58:57.782 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-04T10:58:58.634 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-04T10:59:00.651 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-04T10:59:01.463 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-04T10:59:07.661 Engine:Setting original file name "security.dll" for "c:\windows\syswow64\sspicli.dll", hr=0x0 2026-02-04T10:59:09.766 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-04T10:59:11.922 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-04T10:59:12.383 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-04T10:59:16.101 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-04T10:59:17.391 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-04T10:59:18.822 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-04T10:59:18.917 Engine:Setting original file name "user32" for "c:\windows\system32\user32.dll", hr=0x0 2026-02-04T10:59:18.929 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-04T10:59:21.343 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-04T10:59:21.475 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.112\installer\setup.exe", hr=0x0 2026-02-04T10:59:22.451 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-04T10:59:23.927 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-04T10:59:24.161 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-04T10:59:24.631 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-04T10:59:24.751 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-04T10:59:25.302 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\x86_netfx4-mscoree_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_d337c9373f0e13b8\mscoree.tlb", hr=0x0 2026-02-04T10:59:32.181 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-04T10:59:32.603 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-04T10:59:33.822 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-04T10:59:36.430 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-04T10:59:36.817 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-04T10:59:37.631 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-04T10:59:39.567 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-04T10:59:40.186 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-04T10:59:40.709 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-04T10:59:42.143 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-04T10:59:44.222 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-04T10:59:44.892 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-04T10:59:44.988 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-04T10:59:45.092 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-04T10:59:45.175 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-04T10:59:46.173 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-04T10:59:46.229 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-04T10:59:46.758 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-04T10:59:48.880 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-04T10:59:49.130 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-04T10:59:49.899 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-04T10:59:50.678 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-04T10:59:51.407 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-04T10:59:54.653 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-04T10:59:55.786 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-04T10:59:56.632 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-04T10:59:57.253 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-04T10:59:57.520 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-04T11:00:00.861 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-04T11:00:01.149 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-04T11:00:04.842 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-04T11:00:05.348 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-04T11:00:05.750 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-04T11:00:06.179 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-04T11:00:06.772 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-04T11:00:07.078 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-04T11:00:08.179 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-04T11:00:15.625 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-04T11:00:17.755 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-04T11:00:17.771 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 2026-02-04T11:00:19.592 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-04T11:00:19.993 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-04T11:00:21.080 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-04T11:00:25.163 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\syswow64\appventsubsystems32.dll", hr=0x0 2026-02-04T11:00:25.432 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-04T11:00:28.786 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-04T11:00:29.310 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-04T11:00:29.504 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-04T11:00:29.678 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-04T11:00:29.801 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-04T11:00:29.841 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-04T11:00:32.502 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-04T11:00:32.769 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-04T11:00:32.799 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-04T11:00:32.936 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\system32\appventsubsystems64.dll", hr=0x0 2026-02-04T11:00:33.305 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-04T11:00:34.508 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-04T11:00:34.703 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-04T11:00:35.684 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-04T11:00:37.550 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-04T11:00:37.694 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-04T11:00:39.056 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-04T11:00:40.770 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-04T11:00:42.429 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-04T11:00:42.587 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-04T11:00:43.927 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-04T11:00:44.007 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-04T11:00:45.346 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-04T11:00:46.476 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-04T11:00:46.705 Engine:Setting original file name "WMIC.exe" for "c:\windows\winsxs\wow64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.17763.1_none_9cc4699659612012\wmic.exe", hr=0x0 2026-02-04T11:00:47.225 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-04T11:00:49.125 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-04T11:00:49.743 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-04T11:00:49.956 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-04T11:00:51.038 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-04T11:00:52.627 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-04T11:00:54.482 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-04T11:00:54.989 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-04T11:00:55.514 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-04T11:00:56.686 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\syswow64\devobj.dll", hr=0x0 2026-02-04T11:00:56.735 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-04T11:01:02.455 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-04T11:01:03.162 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-04T11:01:05.024 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-04T11:01:05.899 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-04T11:01:07.207 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-04T11:01:09.011 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-04T11:01:13.634 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-04T11:01:13.882 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-04T11:01:14.401 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-04T11:01:15.184 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-04T11:01:15.684 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-04T11:01:18.873 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-04T11:01:19.122 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-04T11:01:20.427 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-04T11:01:21.318 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-04T11:01:21.635 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-04T11:01:22.902 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-04T11:01:23.334 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-04T11:01:24.431 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-04T11:01:24.844 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-04T11:01:29.274 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-04T11:01:31.714 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-04T11:01:32.369 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.17763.1_en-us_c2c2ce7a9a17fba3\tstheme.exe.mui", hr=0x0 2026-02-04T11:01:35.357 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-04T11:01:35.428 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-04T11:01:35.675 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-04T11:01:36.605 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-04T11:01:36.848 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-04T11:01:36.995 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-04T11:01:41.753 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-04T11:01:41.774 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-04T11:01:42.113 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-04T11:01:44.699 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-04T11:01:45.123 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-04T11:01:46.698 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-04T11:01:47.687 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-04T11:01:47.985 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-04T11:01:48.799 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-04T11:01:49.329 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-04T11:01:49.617 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-04T11:01:50.217 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-04T11:01:52.867 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-04T11:01:54.759 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-04T11:01:55.402 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-04T11:01:55.682 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-04T11:01:56.284 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-04T11:01:56.538 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-04T11:01:57.582 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-04T11:01:59.829 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-04T11:02:07.568 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-04T11:02:08.118 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-04T11:02:08.585 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-04T11:02:09.059 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-04T11:02:09.628 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-04T11:02:11.799 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-04T11:02:11.893 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-04T11:02:11.956 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-04T11:02:15.124 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-04T11:02:16.418 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 2026-02-04T11:02:16.910 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-04T11:02:17.261 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-04T11:02:19.726 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-04T11:02:19.969 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-04T11:02:20.085 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-04T11:02:20.718 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-04T11:02:21.173 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-04T11:02:21.825 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-04T11:02:22.213 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\system32\sgrmenclave_secure.dll", hr=0x0 2026-02-04T11:02:25.089 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-04T11:02:28.392 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-04T11:02:28.958 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-04T11:02:29.342 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-04T11:02:29.559 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-04T11:02:30.715 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-04T11:02:31.409 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-04T11:02:32.391 Engine:Setting original file name "Vulkan Runtime" for "c:\program files\google\chrome\application\144.0.7559.112\vulkan-1.dll", hr=0x0 2026-02-04T11:02:33.939 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-04T11:02:36.366 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-04T11:02:36.845 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-04T11:02:37.276 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-04T11:02:37.521 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-04T11:02:38.428 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-04T11:02:39.375 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-04T11:02:40.259 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-04T11:02:41.079 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-04T11:02:41.098 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-04T11:02:41.546 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-04T11:02:42.126 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-04T11:02:42.173 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-04T11:02:42.217 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-04T11:02:46.363 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l2-1-0.dll", hr=0x0 2026-02-04T11:02:46.364 OriginalFileName Maintenance::8834 files in Moac, 0 skipped (cached), 319 filename set 2026-02-04T11:02:46.364 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-04T11:08:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T11:13:56.015 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-04T11:13:56.070 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-04T11:13:56.070 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-04T11:13:56.070 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-04T11:13:56.070 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-04T11:13:56.155 [NRI] Stopping NIS service ... 2026-02-04T11:13:56.156 [NRI] Stopping NIS service ... 2026-02-04T11:13:56.156 [NRI] Stopping NIS service ... 2026-02-04T11:13:56.157 [NRI] Stopping NIS service ... 2026-02-04T11:13:56.157 [NRI] Stopping NIS service ... 2026-02-04T11:13:56.183 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-04T11:13:56.183 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-04T11:13:56.183 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-04T11:13:56.223 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-04T11:13:56.223 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-04T11:13:56.223 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-04T11:13:56.238 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-04T11:13:56.238 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-04T11:13:56.238 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-04T11:13:58.574 [RTP] Duplicating the current plugin configuration object... 2026-02-04T11:13:58.574 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-04T11:13:58.574 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-04T11:13:58.574 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-04T11:13:58.574 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-04T11:13:58.629 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-04T11:23:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T11:38:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T11:53:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T12:08:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T12:23:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T12:38:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T12:53:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T13:08:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T13:23:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T13:38:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T13:54:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T14:09:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T14:24:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T14:39:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T14:54:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T15:09:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T15:24:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T15:39:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T15:54:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T16:09:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T16:24:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T16:39:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T16:55:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T17:10:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T17:25:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T17:40:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T17:55:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T18:10:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T18:25:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T18:40:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T18:55:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T19:10:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T19:23:55.386 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-04T19:23:55.387 Job Notification: New process added to job (6712) 2026-02-04T19:23:55.389 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-04T19:23:55.390 Aggressive catchup quick scan threshold: 728649100311 / 25920000000000 2026-02-04T19:23:55.449 Job Notification: New process added to job (13616) 2026-02-04T19:23:55.607 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:6712] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:13616]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-04T19:23:55.660 Job Notification: New process added to job (13044) 2026-02-04T19:23:55.660 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-04T19:23:55.661 Job Notification: New process added to job (9084) 2026-02-04T19:23:55.665 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:13044] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:9084]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-04T19:23:55.894 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-04T19:23:55.894 [RTP] Duplicating the current plugin configuration object... 2026-02-04T19:23:55.894 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-04T19:23:55.894 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-04T19:23:55.894 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-04T19:23:55.894 [RTP] No config change detected. Not updating plugin configuration. 2026-02-04T19:23:55.894 [RTP] No config changes found. No configuration switch. 2026-02-04T19:23:55.894 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-04T19:25:28.267 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\4AF7973C-13F3-4FFA-ABE7-65886D92815E348c.1dc960c01ef669d 2026-02-04T19:25:28.581 Verifying engine and signature files (source: 0) ... 2026-02-04T19:25:28.581 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpengine.dll] due to PPL. 2026-02-04T19:25:28.581 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpasbase.vdm] (file in cache) 2026-02-04T19:25:28.581 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-04T19:25:28.832 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpasdlta.vdm] 2026-02-04T19:25:28.832 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpavbase.vdm] (file in cache) 2026-02-04T19:25:28.832 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-04T19:25:28.856 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpavdlta.vdm] 2026-02-04T19:25:29.127 [Engine] IsHybridMode: 0 2026-02-04T19:25:29.200 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-04T19:25:29.333 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44B346D250A719AC805FA53CEE249D6ED6B950E9.bin): 0x00000002 2026-02-04T19:25:29.334 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44B346D250A719AC805FA53CEE249D6ED6B950E9.bin) 2026-02-04T19:25:29.334 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-04T19:25:29.334 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-04T19:25:29.334 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-04T19:25:29.334 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff 2026-02-04T19:25:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-04T19:25:51.455 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-04T19:25:51.975 [AutoExclusion] Applied roles from cache. 2026-02-04T19:25:51.975 [AutoExclusion] Started roles monitoring. IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportError ECS value=MpFC_SupportThreatActionDetectionOnly hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-04T19:25:53.585 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FF926446240, lRefCount: 5, hr=0 2026-02-04T19:25:53.618 [Engine] New active engine 00007FF916666240 replacing engine 00007FF926446240. Number of active engines: 2 2026-02-04T19:25:53.802 EngineInit:Global ASOC is enabled 2026-02-04T19:25:53.802 EngineInit:ASOO is enabled for developer volumes 2026-02-04T19:25:54.373 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-04T19:25:54.374 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.415 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-04T19:25:54.416 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-04T19:25:54.418 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-04T19:25:54.419 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.420 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.421 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.422 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-04T19:25:54.424 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.425 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-04T19:25:54.426 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.428 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.429 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.430 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.431 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.433 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.434 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.435 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-04T19:25:54.524 MpWriteUupSignatureVersion 1.443.1003.0, hr = 0 2026-02-04T19:25:54.525 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-04T19:25:54.565 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-04T19:25:54.565 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-04T19:25:54.565 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-04T19:25:54.565 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-04T19:25:54.576 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-04T19:25:54.576 [Plugin] Initializing RTP plugin state... 2026-02-04T19:25:54.576 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-04T19:25:54.576 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎03‎-‎2026 22:25:12 Last Perf:‎02‎-‎03‎-‎2026 22:25:12 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,1,0 Proc:0,1,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,3,0 SetEngine:1,1,0 SetState:0,1,0 SetUser:0,1,0 Config:0,2,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:280640 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:260264 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:3326 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:-1482940208 TotalHits:0 InstanceCacheInserts:201343 InstanceCacheUpdates:0 InstanceCacheDeletes:72473 InstanceCacheHits:3143 InstanceCacheMisses:1477491 InstanceCacheOverflows:125243 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-04T19:25:54.576 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C} 2026-02-04T19:25:54.576 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1}\mpasbase.vdm in use, hr=0x80070020 2026-02-04T19:25:54.576 [SCC][CID=433831437_11120] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-04T19:25:54.577 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-04T19:25:54.577 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.577 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.577 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.577 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.577 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-04-2026 19:25:54 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-04-2026 19:25:54 2026-02-04T19:25:54.579 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-04T19:25:54.579 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-04T19:25:54.580 [NRI] Stopping NIS service ... 2026-02-04T19:25:54.580 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.580 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.580 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.581 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-04T19:25:54.581 MdCoreSvc is supported in this platform and OS 2026-02-04T19:25:54.612 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-04T19:25:54.649 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 Signature updated on 02-04-2026 19:25:54 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1003.0 AV Signature Version: 1.443.1003.0 ************************************************************ 2026-02-04T19:25:54.668 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-04T19:25:54.668 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\4AF7973C-13F3-4FFA-ABE7-65886D92815E348c.1dc960c01ef669d 2026-02-04T19:25:54.670 Process scan (postsignatureupdatescan) started. 2026-02-04T19:25:54.749 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-04T19:25:54.749 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-04T19:25:54.749 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-04T19:25:54.749 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-04T19:25:54.749 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-04T19:25:55.030 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b IDynamicConfig::ReportChange value=MpFC_EnableCommonMetricsEvents new=0 old1 IDynamicConfig::ReportChange value=MpDisableBmHealthOneDsEvent new=False oldTrue IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportError ECS value=MpFC_SupportThreatActionDetectionOnly hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-04T19:25:55.034 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-04T19:25:55.034 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-04T19:25:55.034 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-04T19:25:55.034 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-04T19:25:55.034 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-04T19:25:55.034 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-04T19:25:55.036 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-04T19:25:55.036 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-04T19:25:55.036 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-04T19:25:55.036 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-04T19:25:55.036 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-04T19:25:55.036 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-04T19:25:55.036 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-04T19:25:55.036 [NRI] Stopping NIS service ... 2026-02-04T19:25:55.036 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-04T19:25:55.036 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-04T19:25:55.036 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-04T19:25:55.037 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-04T19:25:55.037 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-04T19:25:55.037 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-04T19:25:55.037 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-04T19:25:55.037 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-04T19:25:55.037 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-04T19:25:55.037 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-04T19:25:55.037 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-04T19:25:55.037 [NRI] Stopping NIS service ... 2026-02-04T19:25:55.038 [NRI] Stopping NIS service ... 2026-02-04T19:25:55.038 [NRI] Stopping NIS service ... 2026-02-04T19:25:55.039 [NRI] Stopping NIS service ... 2026-02-04T19:25:55.194 [Engine] Engine 00007FF926446240 no longer in use. Number of active engines: 1 2026-02-04T19:25:55.194 [RTP] [RTP] FilterCommunicator object 0x00000200AE3185E0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt Signature updated via MicrosoftUpdateServer on 02-04-2026 19:25:56 ************************************************************ 2026-02-04T19:25:56.443 Job Notification: Process exited from job (13044) 2026-02-04T19:25:56.444 Job Notification: Process exited from job (9084) 2026-02-04T19:25:56.905 Job Notification: Process exited from job (6712) 2026-02-04T19:25:56.906 Job Notification: Process exited from job (13616) 2026-02-04T19:25:57.698 [RTP] Duplicating the current plugin configuration object... 2026-02-04T19:25:57.698 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-04T19:25:57.698 [RTP] Updating plugin configuration due to recent config changes (0x42e) ... 2026-02-04T19:25:57.698 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-04T19:25:57.698 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-04T19:25:57.917 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x42e, Changed: 0x218 2026-02-04T19:26:11.648 [Engine] RSIG_UNLOADENGINE, 00007FF926446240, err=0x0 2026-02-04T19:26:11.753 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{112E9DD7-BD97-47FE-A5E0-55EE31DE8AF1} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-04T19:26:45.915 Process scan (postsignatureupdatescan) completed. 2026-02-04T19:30:53.864 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-04T19:40:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T19:56:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T20:11:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T20:26:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T20:41:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T20:56:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T21:11:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T21:26:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T21:41:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T21:56:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T22:11:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T22:26:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T22:41:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T22:57:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T23:09:30.037 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:C18952D0-3121-4B42-BA52-06E6DF5258D7, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-04T23:09:30.037 Scheduled scan with Id C18952D0-3121-4B42-BA52-06E6DF5258D7 configured CPU priority: normal (LowCpuPriority: 0) 2026-02-04T23:09:30.054 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-04T23:09:30.054 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e 2026-02-04T23:11:05.339 Engine:Triggered AR EMS scan 2026-02-04T23:11:05.353 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.391 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.393 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.405 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.406 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.408 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.415 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.419 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.421 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.422 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.423 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.424 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.427 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.428 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.440 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.449 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.455 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.463 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.468 Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.472 Engine:EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.474 Engine:EMS scan for process: svchost pid: 1796, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.475 Engine:EMS scan for process: svchost pid: 1912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.476 Engine:EMS scan for process: svchost pid: 1960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.478 Engine:EMS scan for process: svchost pid: 2020, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.490 Engine:EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.510 Engine:EMS scan for process: svchost pid: 2068, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.514 Engine:EMS scan for process: svchost pid: 2144, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.518 Engine:EMS scan for process: svchost pid: 2152, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.519 Engine:EMS scan for process: svchost pid: 2340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.521 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.526 Engine:EMS scan for process: svchost pid: 2444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.528 Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.529 Engine:EMS scan for process: svchost pid: 2860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.531 Engine:EMS scan for process: svchost pid: 2948, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.534 Engine:EMS scan for process: svchost pid: 2632, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.537 Engine:EMS scan for process: svchost pid: 3268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.542 Engine:EMS scan for process: svchost pid: 3308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.549 Engine:EMS scan for process: svchost pid: 3316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.552 Engine:EMS scan for process: services pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.586 Engine:EMS scan for process: svchost pid: 3356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.589 Engine:EMS scan for process: svchost pid: 3364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.602 Engine:EMS scan for process: svchost pid: 3376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.612 Engine:EMS scan for process: svchost pid: 3384, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.624 Engine:EMS scan for process: svchost pid: 3392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.632 Engine:EMS scan for process: svchost pid: 3400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.638 Engine:EMS scan for process: svchost pid: 3408, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.644 Engine:EMS scan for process: svchost pid: 3416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.648 Engine:EMS scan for process: svchost pid: 3584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.654 Engine:EMS scan for process: svchost pid: 4148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.661 Engine:EMS scan for process: svchost pid: 4320, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.667 Engine:EMS scan for process: svchost pid: 4396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.670 Engine:EMS scan for process: svchost pid: 4568, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.672 Engine:EMS scan for process: svchost pid: 5448, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.675 Engine:EMS scan for process: dllhost pid: 2480, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.678 Engine:EMS scan for process: svchost pid: 7148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.680 Engine:EMS scan for process: svchost pid: 1356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.682 Engine:EMS scan for process: svchost pid: 1084, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.684 Engine:EMS scan for process: svchost pid: 6444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.687 Engine:EMS scan for process: svchost pid: 1924, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.690 Engine:EMS scan for process: svchost pid: 7616, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.691 Engine:EMS scan for process: svchost pid: 7768, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.699 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.702 Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.705 Engine:EMS scan for process: svchost pid: 8332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.709 Engine:EMS scan for process: svchost pid: 8168, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.711 Engine:EMS scan for process: svchost pid: 7980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.714 Engine:EMS scan for process: svchost pid: 7700, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.716 Engine:EMS scan for process: svchost pid: 12000, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.719 Engine:EMS scan for process: svchost pid: 7692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.722 Engine:EMS scan for process: svchost pid: 13524, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.729 Engine:EMS scan for process: dllhost pid: 12048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.730 Engine:EMS scan for process: dllhost pid: 13580, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.731 Engine:EMS scan for process: svchost pid: 7696, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.732 Engine:EMS scan for process: svchost pid: 12648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.734 Engine:EMS scan for process: svchost pid: 8216, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.735 Engine:EMS scan for process: explorer pid: 12260, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.832 Engine:EMS scan for process: svchost pid: 7244, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.836 Engine:EMS scan for process: svchost pid: 12008, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.842 Engine:EMS scan for process: svchost pid: 14620, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.844 Engine:EMS scan for process: svchost pid: 14264, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.847 Engine:EMS scan for process: svchost pid: 15100, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.854 Engine:EMS scan for process: explorer pid: 13680, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-04T23:11:05.883 Engine:EMS scan for process: svchost pid: 12692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 2026-02-04T23:12:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-04T23:15:22.503 QuickScan:ScanID:C18952D0-3121-4B42-BA52-06E6DF5258D7: Quick scan finished with error 0 2026-02-04T23:15:23.070 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-04T23:15:23.070 [RTP] Duplicating the current plugin configuration object... 2026-02-04T23:15:23.070 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-04T23:15:23.070 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-04T23:15:23.090 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-04T23:15:23.090 [RTP] No config change detected. Not updating plugin configuration. 2026-02-04T23:15:23.090 [RTP] No config changes found. No configuration switch. 2026-02-04T23:15:23.090 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-04T23:27:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T23:42:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-04T23:57:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T00:12:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T00:27:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T00:42:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T00:57:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T01:12:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T01:27:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T01:42:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T01:58:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T02:13:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T02:28:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T02:43:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T02:58:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T03:13:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T03:28:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T03:43:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T03:58:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T04:13:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T04:28:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T04:43:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T04:59:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T05:14:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T05:29:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T05:44:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T05:59:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T06:14:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T06:29:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T06:44:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T06:59:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T07:14:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T07:29:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T07:44:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T08:00:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T08:15:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T08:30:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T08:45:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T09:00:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T09:15:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T09:30:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T09:45:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T10:00:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T10:15:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T10:30:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T10:45:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T11:01:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T11:16:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T11:31:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T11:46:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T12:01:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T12:16:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T12:31:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T12:46:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T13:01:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T13:04:22.293 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-05T13:04:22.293 [AutoPurge] Cleanup Routine tasks have started. 2026-02-05T13:04:22.293 [AutoPurge] Verification Routine tasks have started. 2026-02-05T13:04:22.293 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-05T13:04:22.293 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-05T13:04:22.293 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-05T13:04:22.293 [AutoPurge] MpSignalMaintenanceMode ...ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-05T13:04:23.340 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-05T13:04:23.534 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-05T13:04:23.551 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-05-2026 13:04:23 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-05-2026 13:04:23 2026-02-05T13:04:23.812 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-05T13:04:23.812 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-05T13:04:23.812 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-05T13:04:23.812 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-05T13:04:23.844 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-05T13:04:23.845 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-05T13:04:24.673 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-05T13:04:24.674 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-05T13:04:24.684 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-05T13:04:24.730 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-05T13:04:24.750 [AutoPurge] Removing expired default signature package ... 2026-02-05T13:04:27.426 Job Notification: New process added to job (17216) 2026-02-05T13:04:29.360 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-05T13:04:29.668 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-05T13:04:34.305 Job Notification: Process exited from job (17216) 2026-02-05T13:04:34.797 [AutoPurge] Verification Routine tasks have ended. 2026-02-05T13:04:35.177 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-05T13:04:38.391 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-05T13:04:38.761 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-05T13:04:38.975 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-05T13:04:42.253 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-05T13:04:42.712 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-05T13:04:46.185 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\winsxs\amd64_microsoft-windows-mtf_31bf3856ad364e35_10.0.17763.7919_none_f5cf7ad52d5df808\mtf.dll", hr=0x0 2026-02-05T13:04:48.161 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-05T13:04:56.281 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-05T13:04:56.653 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-05T13:04:56.743 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-05T13:04:59.798 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-05T13:05:00.699 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-05T13:05:00.810 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-05T13:05:01.458 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-05T13:05:01.917 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-05T13:05:02.970 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-05T13:05:09.280 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-05T13:05:12.888 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-05T13:05:13.029 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-05T13:05:13.112 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-05T13:05:14.100 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\winsxs\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.17763.1697_none_e1e870c05edca249\wlrmdr.exe", hr=0x0 2026-02-05T13:05:15.908 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-05T13:05:17.440 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-05T13:05:18.178 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-05T13:05:18.529 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-05T13:05:18.585 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-05T13:05:19.016 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-05T13:05:20.018 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-05T13:05:21.812 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-05T13:05:23.240 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-05T13:05:23.848 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-05T13:05:24.341 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-05T13:05:24.495 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-05T13:05:24.834 Engine:Setting original file name "msfltr32.acm" for "c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7\msacm32.dll", hr=0x0 2026-02-05T13:05:26.257 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-05T13:05:27.344 Engine:Setting original file name "gdi32" for "c:\windows\syswow64\gdi32full.dll", hr=0x0 2026-02-05T13:05:29.551 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-05T13:05:33.150 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-05T13:05:34.472 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 2026-02-05T13:05:35.514 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-05T13:05:35.849 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-05T13:05:36.763 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-05T13:05:36.919 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-05T13:05:37.309 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-05T13:05:38.072 Engine:Setting original file name "osloader.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winload.exe", hr=0x0 2026-02-05T13:05:40.290 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-05T13:05:40.892 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-05T13:05:40.931 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-05T13:05:42.908 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-05T13:05:44.533 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-05T13:05:45.595 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-05T13:05:45.814 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-05T13:05:46.448 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-05T13:05:48.042 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-05T13:05:48.410 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-05T13:05:49.546 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-05T13:05:51.466 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-05T13:05:51.789 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-05T13:05:51.948 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-05T13:05:53.582 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-05T13:05:58.495 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-05T13:05:58.559 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-05T13:05:59.381 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-05T13:06:00.527 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-05T13:06:00.909 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-05T13:06:01.331 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-05T13:06:01.493 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-05T13:06:01.625 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-05T13:06:02.032 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-05T13:06:02.447 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-05T13:06:04.079 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-05T13:06:06.064 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-05T13:06:07.105 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-05T13:06:07.310 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-05T13:06:07.567 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-05T13:06:07.608 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-05T13:06:07.912 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-05T13:06:08.489 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-05T13:06:10.054 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 2026-02-05T13:06:12.742 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-05T13:06:13.180 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-05T13:06:14.166 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-05T13:06:16.408 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-05T13:06:17.796 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-05T13:06:18.012 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-05T13:06:18.076 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-05T13:06:18.830 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-05T13:06:19.655 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-05T13:06:20.612 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-05T13:06:21.023 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-05T13:06:21.815 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-05T13:06:21.972 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-05T13:06:23.667 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-05T13:06:24.968 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-05T13:06:26.210 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-05T13:06:26.262 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-05T13:06:28.627 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-05T13:06:30.780 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-05T13:06:32.698 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-05T13:06:34.355 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-05T13:06:36.070 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-05T13:06:36.100 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-05T13:06:37.472 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-05T13:06:37.725 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-05T13:06:37.817 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-05T13:06:38.170 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-05T13:06:39.455 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-05T13:06:40.957 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-05T13:06:44.638 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-05T13:06:45.145 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-05T13:06:47.651 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-05T13:06:47.672 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-05T13:06:47.881 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-05T13:06:49.942 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-05T13:06:50.621 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-05T13:06:53.267 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-05T13:06:53.421 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-05T13:06:53.733 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-05T13:06:54.033 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-05T13:06:54.587 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-05T13:06:55.308 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-05T13:06:58.689 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-05T13:06:59.293 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-05T13:07:01.024 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-05T13:07:01.630 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-05T13:07:02.635 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-05T13:07:03.113 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-05T13:07:05.905 Engine:Setting original file name "security.dll" for "c:\windows\syswow64\sspicli.dll", hr=0x0 2026-02-05T13:07:07.699 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-05T13:07:09.458 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-05T13:07:09.982 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-05T13:07:13.449 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-05T13:07:14.456 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-05T13:07:15.710 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-05T13:07:15.809 Engine:Setting original file name "user32" for "c:\windows\system32\user32.dll", hr=0x0 2026-02-05T13:07:15.819 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-05T13:07:18.491 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-05T13:07:18.622 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.112\installer\setup.exe", hr=0x0 2026-02-05T13:07:19.694 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-05T13:07:21.123 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-05T13:07:21.327 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-05T13:07:21.888 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-05T13:07:22.050 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-05T13:07:22.405 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\x86_netfx4-mscoree_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_d337c9373f0e13b8\mscoree.tlb", hr=0x0 2026-02-05T13:07:28.887 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-05T13:07:29.317 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-05T13:07:30.389 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-05T13:07:32.437 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-05T13:07:32.732 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-05T13:07:33.446 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-05T13:07:35.431 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-05T13:07:35.859 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-05T13:07:36.315 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-05T13:07:37.591 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-05T13:07:39.738 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-05T13:07:40.426 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-05T13:07:40.667 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-05T13:07:40.766 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-05T13:07:40.856 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-05T13:07:41.797 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-05T13:07:41.902 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-05T13:07:42.432 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-05T13:07:44.584 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-05T13:07:45.035 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-05T13:07:45.631 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-05T13:07:46.775 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-05T13:07:47.450 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-05T13:07:50.477 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-05T13:07:51.757 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-05T13:07:52.154 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-05T13:07:52.904 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-05T13:07:53.201 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-05T13:07:55.770 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-05T13:07:56.098 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-05T13:08:00.016 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-05T13:08:00.520 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-05T13:08:00.889 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-05T13:08:01.301 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-05T13:08:01.839 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-05T13:08:02.168 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-05T13:08:03.136 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-05T13:08:08.759 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-05T13:08:09.845 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-05T13:08:09.860 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 2026-02-05T13:08:10.923 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-05T13:08:11.150 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-05T13:08:11.875 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-05T13:08:15.258 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\syswow64\appventsubsystems32.dll", hr=0x0 2026-02-05T13:08:15.553 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-05T13:08:17.084 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-05T13:08:17.732 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-05T13:08:17.924 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-05T13:08:18.092 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-05T13:08:18.256 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-05T13:08:18.295 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-05T13:08:20.582 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-05T13:08:20.922 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-05T13:08:20.966 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-05T13:08:21.087 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\system32\appventsubsystems64.dll", hr=0x0 2026-02-05T13:08:21.436 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-05T13:08:22.404 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-05T13:08:22.519 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-05T13:08:23.483 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-05T13:08:25.182 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-05T13:08:25.339 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-05T13:08:26.510 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-05T13:08:28.547 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-05T13:08:30.051 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-05T13:08:30.200 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-05T13:08:31.264 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-05T13:08:31.344 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-05T13:08:32.650 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-05T13:08:33.834 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-05T13:08:34.038 Engine:Setting original file name "WMIC.exe" for "c:\windows\winsxs\wow64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.17763.1_none_9cc4699659612012\wmic.exe", hr=0x0 2026-02-05T13:08:34.339 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-05T13:08:36.188 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-05T13:08:36.860 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-05T13:08:37.076 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-05T13:08:38.161 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-05T13:08:39.662 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-05T13:08:41.550 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-05T13:08:42.195 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-05T13:08:42.662 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-05T13:08:44.072 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\winsxs\wow64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.17763.2145_none_9b5bd494641118e6\devobj.dll", hr=0x0 2026-02-05T13:08:44.140 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-05T13:08:48.676 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-05T13:08:49.374 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-05T13:08:51.052 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-05T13:08:52.139 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-05T13:08:53.314 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-05T13:08:55.031 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-05T13:09:00.018 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-05T13:09:00.403 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-05T13:09:00.864 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-05T13:09:01.713 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-05T13:09:02.058 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-05T13:09:05.523 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-05T13:09:05.755 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-05T13:09:07.084 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-05T13:09:08.127 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-05T13:09:08.399 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-05T13:09:09.830 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-05T13:09:10.249 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-05T13:09:11.419 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-05T13:09:11.789 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-05T13:09:16.432 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-05T13:09:18.542 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-05T13:09:19.156 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.17763.1_en-us_c2c2ce7a9a17fba3\tstheme.exe.mui", hr=0x0 2026-02-05T13:09:21.382 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-05T13:09:21.481 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-05T13:09:21.790 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-05T13:09:23.572 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-05T13:09:23.901 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-05T13:09:24.104 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-05T13:09:28.806 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-05T13:09:28.827 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-05T13:09:29.134 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-05T13:09:31.862 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-05T13:09:32.152 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-05T13:09:33.802 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-05T13:09:34.795 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-05T13:09:35.119 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-05T13:09:36.055 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-05T13:09:36.856 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-05T13:09:37.036 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-05T13:09:37.522 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-05T13:09:40.005 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-05T13:09:41.911 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-05T13:09:42.548 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-05T13:09:42.869 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-05T13:09:43.529 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-05T13:09:43.700 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-05T13:09:45.031 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-05T13:09:47.144 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-05T13:09:54.806 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-05T13:09:55.329 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-05T13:09:55.942 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-05T13:09:56.280 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-05T13:09:57.032 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-05T13:09:58.953 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-05T13:09:59.037 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-05T13:09:59.122 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-05T13:10:03.287 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-05T13:10:05.044 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 2026-02-05T13:10:05.479 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-05T13:10:05.648 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-05T13:10:07.638 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-05T13:10:07.938 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-05T13:10:08.039 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-05T13:10:08.699 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-05T13:10:08.953 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-05T13:10:09.512 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-05T13:10:10.009 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\system32\sgrmenclave_secure.dll", hr=0x0 2026-02-05T13:10:12.976 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-05T13:10:15.821 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-05T13:10:16.449 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-05T13:10:16.819 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-05T13:10:17.030 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-05T13:10:18.061 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-05T13:10:18.809 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-05T13:10:19.761 Engine:Setting original file name "Vulkan Runtime" for "c:\program files\google\chrome\application\144.0.7559.112\vulkan-1.dll", hr=0x0 2026-02-05T13:10:21.630 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-05T13:10:23.945 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-05T13:10:24.473 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-05T13:10:24.886 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-05T13:10:25.054 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-05T13:10:25.840 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-05T13:10:26.879 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-05T13:10:28.105 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-05T13:10:29.116 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-05T13:10:29.141 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-05T13:10:29.575 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-05T13:10:30.021 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-05T13:10:30.043 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-05T13:10:30.088 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-05T13:10:34.313 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l2-1-0.dll", hr=0x0 2026-02-05T13:10:34.333 OriginalFileName Maintenance::8835 files in Moac, 0 skipped (cached), 319 filename set 2026-02-05T13:10:34.333 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-05T13:13:56.139 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-05T13:13:56.344 [NRI] Stopping NIS service ... 2026-02-05T13:13:56.345 [NRI] Stopping NIS service ... 2026-02-05T13:13:56.345 [NRI] Stopping NIS service ... 2026-02-05T13:13:56.346 [NRI] Stopping NIS service ... 2026-02-05T13:13:56.346 [NRI] Stopping NIS service ... 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-05T13:13:56.395 [RTP] Duplicating the current plugin configuration object... 2026-02-05T13:13:56.395 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-05T13:13:56.395 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-05T13:13:56.395 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-05T13:13:56.395 [RTP] No config change detected. Not updating plugin configuration. 2026-02-05T13:13:56.395 [RTP] No config changes found. No configuration switch. 2026-02-05T13:13:56.395 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-05T13:13:56.395 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-05T13:13:56.395 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-05T13:13:56.395 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-05T13:13:56.395 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-05T13:13:56.447 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-05T13:13:56.447 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-05T13:13:56.447 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-05T13:13:56.447 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-05T13:13:56.447 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-05T13:13:56.447 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-05T13:13:56.461 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-05T13:13:56.461 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-05T13:13:56.461 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-05T13:13:58.898 [RTP] Duplicating the current plugin configuration object... 2026-02-05T13:13:58.898 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-05T13:13:58.898 [RTP] Updating plugin configuration due to recent config changes (0x41e) ... 2026-02-05T13:13:58.898 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-05T13:13:58.949 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x41e, Changed: 0x218 2026-02-05T13:16:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T13:31:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T13:46:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T14:02:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T14:17:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T14:32:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T14:47:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T15:02:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T15:17:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T15:32:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T15:47:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T16:02:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T16:17:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T16:32:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T16:47:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T17:03:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T17:18:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T17:33:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T17:48:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T18:03:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T18:18:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T18:33:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T18:48:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T19:03:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T19:18:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T19:23:55.386 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-05T19:23:55.387 Job Notification: New process added to job (15728) 2026-02-05T19:23:55.389 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-05T19:23:55.390 Aggressive catchup quick scan threshold: 728653353517 / 25920000000000 2026-02-05T19:23:55.456 Job Notification: New process added to job (10392) 2026-02-05T19:23:55.470 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:15728] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:10392]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-05T19:23:55.563 Job Notification: New process added to job (15572) 2026-02-05T19:23:55.563 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-05T19:23:55.564 Job Notification: New process added to job (18364) 2026-02-05T19:23:55.568 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:15572] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:18364]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-05T19:23:55.896 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-05T19:23:55.896 [RTP] Duplicating the current plugin configuration object... 2026-02-05T19:23:55.896 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-05T19:23:55.896 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-05T19:23:55.897 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-05T19:23:55.897 [RTP] No config change detected. Not updating plugin configuration. 2026-02-05T19:23:55.897 [RTP] No config changes found. No configuration switch. 2026-02-05T19:23:55.897 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-05T19:26:09.676 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\61627740-7A07-4D1B-AA82-1ED5D97B7BF040ec.1dc96d54544170c 2026-02-05T19:26:10.074 Verifying engine and signature files (source: 0) ... 2026-02-05T19:26:10.074 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpengine.dll] due to PPL. 2026-02-05T19:26:10.074 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpasbase.vdm] (file in cache) 2026-02-05T19:26:10.074 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-05T19:26:10.124 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpasdlta.vdm] 2026-02-05T19:26:10.124 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpavbase.vdm] (file in cache) 2026-02-05T19:26:10.124 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-05T19:26:10.152 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpavdlta.vdm] 2026-02-05T19:26:10.439 [Engine] IsHybridMode: 0 2026-02-05T19:26:10.497 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-05T19:26:10.858 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BBBE1B02A0C308B68492CB06AFBA67DD051DF6CB.bin): 0x00000002 2026-02-05T19:26:10.874 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BBBE1B02A0C308B68492CB06AFBA67DD051DF6CB.bin) 2026-02-05T19:26:10.874 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-05T19:26:10.874 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-05T19:26:10.874 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-05T19:26:10.874 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-05T19:26:31.939 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-05T19:26:31.950 [AutoExclusion] Applied roles from cache. 2026-02-05T19:26:31.950 [AutoExclusion] Started roles monitoring. 2026-02-05T19:26:32.016 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FF916666240, lRefCount: 5, hr=0 2026-02-05T19:26:32.018 [Engine] New active engine 00007FF926286240 replacing engine 00007FF916666240. Number of active engines: 2 2026-02-05T19:26:32.032 EngineInit:Global ASOC is enabled 2026-02-05T19:26:32.032 EngineInit:ASOO is enabled for developer volumes 2026-02-05T19:26:32.202 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-05T19:26:32.203 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.203 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-05T19:26:32.203 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-05T19:26:32.204 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-05T19:26:32.204 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.204 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.205 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.205 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-05T19:26:32.205 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.206 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-05T19:26:32.206 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.206 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.207 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.207 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.207 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.208 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.208 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.208 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-05T19:26:32.213 MpWriteUupSignatureVersion 1.443.1018.0, hr = 0 2026-02-05T19:26:32.214 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-05T19:26:32.222 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-05T19:26:32.222 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-05T19:26:32.222 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-05T19:26:32.222 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-05T19:26:32.233 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-05T19:26:32.233 [Plugin] Initializing RTP plugin state... 2026-02-05T19:26:32.233 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-05T19:26:32.233 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎04‎-‎2026 22:25:55 Last Perf:‎02‎-‎04‎-‎2026 22:25:54 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,1,0 Proc:0,1,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,5,0 SetEngine:1,1,0 SetState:0,1,0 SetUser:0,0,0 Config:0,2,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:280640 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:265168 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:3314 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:-1424087820 TotalHits:0 InstanceCacheInserts:202609 InstanceCacheUpdates:0 InstanceCacheDeletes:73423 InstanceCacheHits:3207 InstanceCacheMisses:1492559 InstanceCacheOverflows:125243 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-05T19:26:32.233 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2} 2026-02-05T19:26:32.233 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C}\mpasbase.vdm in use, hr=0x80070020 2026-02-05T19:26:32.234 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-05T19:26:32.237 [SCC][CID=865806671_10724] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-05T19:26:32.237 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.237 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.237 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.237 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.237 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-05-2026 19:26:32 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-05-2026 19:26:32 2026-02-05T19:26:32.239 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-05T19:26:32.239 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-05T19:26:32.240 [NRI] Stopping NIS service ... 2026-02-05T19:26:32.241 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.241 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.241 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.241 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-05T19:26:32.241 MdCoreSvc is supported in this platform and OS Signature updated on 02-05-2026 19:26:32 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1018.0 AV Signature Version: 1.443.1018.0 ************************************************************ 2026-02-05T19:26:32.243 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-05T19:26:32.243 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\61627740-7A07-4D1B-AA82-1ED5D97B7BF040ec.1dc96d54544170c 2026-02-05T19:26:32.245 Process scan (postsignatureupdatescan) started. 2026-02-05T19:26:32.266 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-05T19:26:32.266 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-05T19:26:32.367 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-05T19:26:32.367 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-05T19:26:32.367 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-05T19:26:32.367 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-05T19:26:32.367 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-05T19:26:32.718 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-05T19:26:32.721 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-05T19:26:32.721 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-05T19:26:32.721 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-05T19:26:32.722 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-05T19:26:32.722 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-05T19:26:32.722 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-05T19:26:32.723 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-05T19:26:32.723 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-05T19:26:32.723 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-05T19:26:32.723 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-05T19:26:32.724 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-05T19:26:32.724 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-05T19:26:32.724 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-05T19:26:32.724 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-05T19:26:32.724 [NRI] Stopping NIS service ... 2026-02-05T19:26:32.724 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-05T19:26:32.724 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-05T19:26:32.724 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-05T19:26:32.724 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-05T19:26:32.724 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-05T19:26:32.724 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-05T19:26:32.724 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-05T19:26:32.724 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-05T19:26:32.724 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-05T19:26:32.724 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-05T19:26:32.724 [NRI] Stopping NIS service ... 2026-02-05T19:26:32.725 [NRI] Stopping NIS service ... 2026-02-05T19:26:32.726 [NRI] Stopping NIS service ... 2026-02-05T19:26:32.727 [NRI] Stopping NIS service ... Signature updated via MicrosoftUpdateServer on 02-05-2026 19:26:32 ************************************************************ 2026-02-05T19:26:33.127 [Engine] Engine 00007FF916666240 no longer in use. Number of active engines: 1 2026-02-05T19:26:33.127 [RTP] [RTP] FilterCommunicator object 0x00000200AE3185E0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-05T19:26:33.146 Job Notification: Process exited from job (15728) 2026-02-05T19:26:33.147 Job Notification: Process exited from job (10392) 2026-02-05T19:26:33.534 Job Notification: Process exited from job (15572) 2026-02-05T19:26:33.535 Job Notification: Process exited from job (18364) 2026-02-05T19:26:35.630 [RTP] Duplicating the current plugin configuration object... 2026-02-05T19:26:35.630 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-05T19:26:35.630 [RTP] Updating plugin configuration due to recent config changes (0x42e) ... 2026-02-05T19:26:35.630 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-05T19:26:35.630 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-05T19:26:35.630 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x42e, Changed: 0x218 2026-02-05T19:26:45.489 [Engine] RSIG_UNLOADENGINE, 00007FF916666240, err=0x0 2026-02-05T19:26:45.577 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8D69759-CC25-4C55-94D5-4806425F3D4C} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-05T19:27:16.723 Process scan (postsignatureupdatescan) completed. 2026-02-05T19:31:32.179 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-05T19:33:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T19:48:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T20:04:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T20:19:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T20:34:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T20:49:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T21:04:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T21:19:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T21:34:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T21:49:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T22:04:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T22:19:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T22:34:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T22:49:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T23:05:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T23:09:30.075 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:CF12BE60-3C9E-49E7-95F5-2E557D7ED698, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-05T23:09:30.075 Scheduled scan with Id CF12BE60-3C9E-49E7-95F5-2E557D7ED698 configured CPU priority: normal (LowCpuPriority: 0) 2026-02-05T23:09:30.090 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-05T23:09:30.090 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e 2026-02-05T23:11:01.627 Engine:Triggered AR EMS scan 2026-02-05T23:11:01.638 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.684 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.690 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.717 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.723 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.730 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.755 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.760 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.762 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.763 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.764 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.765 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.768 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.769 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.770 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.772 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.774 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.776 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.779 Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.782 Engine:EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.784 Engine:EMS scan for process: svchost pid: 1796, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.785 Engine:EMS scan for process: svchost pid: 1912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.786 Engine:EMS scan for process: svchost pid: 1960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.788 Engine:EMS scan for process: svchost pid: 2020, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.808 Engine:EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.827 Engine:EMS scan for process: svchost pid: 2068, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.831 Engine:EMS scan for process: svchost pid: 2144, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.834 Engine:EMS scan for process: svchost pid: 2152, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.835 Engine:EMS scan for process: svchost pid: 2340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.836 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.840 Engine:EMS scan for process: svchost pid: 2444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.842 Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.858 Engine:EMS scan for process: svchost pid: 2860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.859 Engine:EMS scan for process: svchost pid: 2948, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.863 Engine:EMS scan for process: svchost pid: 2632, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.866 Engine:EMS scan for process: svchost pid: 3268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.871 Engine:EMS scan for process: svchost pid: 3308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.877 Engine:EMS scan for process: svchost pid: 3316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.879 Engine:EMS scan for process: services pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.907 Engine:EMS scan for process: svchost pid: 3356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.908 Engine:EMS scan for process: svchost pid: 3364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.912 Engine:EMS scan for process: svchost pid: 3376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.914 Engine:EMS scan for process: svchost pid: 3384, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.917 Engine:EMS scan for process: svchost pid: 3392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.919 Engine:EMS scan for process: svchost pid: 3400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.920 Engine:EMS scan for process: svchost pid: 3408, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.921 Engine:EMS scan for process: svchost pid: 3416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.922 Engine:EMS scan for process: svchost pid: 3584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.924 Engine:EMS scan for process: svchost pid: 4148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.927 Engine:EMS scan for process: svchost pid: 4320, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.931 Engine:EMS scan for process: svchost pid: 4396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.933 Engine:EMS scan for process: svchost pid: 4568, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.936 Engine:EMS scan for process: svchost pid: 5448, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.938 Engine:EMS scan for process: dllhost pid: 2480, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.941 Engine:EMS scan for process: svchost pid: 7148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.942 Engine:EMS scan for process: svchost pid: 1356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.944 Engine:EMS scan for process: svchost pid: 1084, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.947 Engine:EMS scan for process: svchost pid: 6444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.949 Engine:EMS scan for process: svchost pid: 1924, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.952 Engine:EMS scan for process: svchost pid: 7616, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.953 Engine:EMS scan for process: svchost pid: 7768, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.960 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.962 Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.965 Engine:EMS scan for process: svchost pid: 8332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.968 Engine:EMS scan for process: svchost pid: 8168, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.970 Engine:EMS scan for process: svchost pid: 7980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.972 Engine:EMS scan for process: svchost pid: 7700, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.974 Engine:EMS scan for process: svchost pid: 12000, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.977 Engine:EMS scan for process: svchost pid: 7692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.979 Engine:EMS scan for process: svchost pid: 13524, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.982 Engine:EMS scan for process: dllhost pid: 12048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.984 Engine:EMS scan for process: dllhost pid: 13580, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.985 Engine:EMS scan for process: svchost pid: 7696, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.987 Engine:EMS scan for process: svchost pid: 12648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.990 Engine:EMS scan for process: svchost pid: 8216, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.991 Engine:EMS scan for process: svchost pid: 7244, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.993 Engine:EMS scan for process: svchost pid: 12008, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:01.998 Engine:EMS scan for process: svchost pid: 14264, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:02.000 Engine:EMS scan for process: svchost pid: 15100, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:02.005 Engine:EMS scan for process: explorer pid: 13680, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:02.049 Engine:EMS scan for process: svchost pid: 12692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:02.052 Engine:EMS scan for process: svchost pid: 10648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:02.053 Engine:EMS scan for process: explorer pid: 6376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-05T23:11:02.089 Engine:EMS scan for process: svchost pid: 16036, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-05T23:15:13.146 QuickScan:ScanID:CF12BE60-3C9E-49E7-95F5-2E557D7ED698: Quick scan finished with error 0 2026-02-05T23:15:13.705 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-05T23:15:13.705 [RTP] Duplicating the current plugin configuration object... 2026-02-05T23:15:13.705 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-05T23:15:13.705 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-05T23:15:13.706 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-05T23:15:13.706 [RTP] No config change detected. Not updating plugin configuration. 2026-02-05T23:15:13.706 [RTP] No config changes found. No configuration switch. 2026-02-05T23:15:13.706 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-05T23:20:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T23:35:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-05T23:50:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T00:05:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T00:20:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T00:35:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T00:50:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T01:05:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T01:20:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T01:35:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T01:50:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T02:06:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T02:21:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T02:36:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T02:51:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T03:06:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T03:21:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T03:36:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T03:51:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T04:06:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T04:21:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T04:36:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T04:51:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T05:07:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T05:22:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T05:37:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T05:52:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T06:07:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T06:22:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T06:37:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T06:52:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T07:07:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T07:22:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T07:37:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T07:52:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T08:08:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T08:23:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T08:38:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T08:53:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T09:08:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T09:23:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T09:38:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T09:53:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T10:08:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T10:23:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T10:38:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T10:53:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T11:09:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T11:24:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T11:39:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T11:54:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T12:09:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T12:24:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T12:39:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T12:54:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T13:09:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T13:24:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T13:39:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T13:54:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T14:10:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T14:25:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T14:40:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T14:55:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T15:04:21.788 [AutoPurge] Cleanup Routine tasks have started. 2026-02-06T15:04:21.788 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-06T15:04:21.788 [AutoPurge] Verification Routine tasks have started. 2026-02-06T15:04:21.789 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-06T15:04:21.789 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-06T15:04:21.789 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-06T15:04:21.789 [AutoPurge] MpSignalMaintenanceMode ...ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-06T15:04:22.877 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-06T15:04:23.020 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-06T15:04:23.037 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-06-2026 15:04:23 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-06-2026 15:04:23 2026-02-06T15:04:23.257 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-06T15:04:23.257 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-06T15:04:23.257 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-06T15:04:23.257 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-06T15:04:23.257 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-06T15:04:23.258 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-06T15:04:23.772 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-06T15:04:23.790 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-06T15:04:23.800 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-06T15:04:23.825 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-06T15:04:23.836 [AutoPurge] Removing expired default signature package ... 2026-02-06T15:04:24.332 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-06T15:04:24.541 [RTP] Duplicating the current plugin configuration object... 2026-02-06T15:04:24.541 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-06T15:04:24.541 [RTP] Updating plugin configuration due to recent config changes (0x22) ... 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-06T15:04:24.541 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-06T15:04:24.541 [RTP] No config change detected. Not updating plugin configuration. 2026-02-06T15:04:24.541 [RTP] No config changes found. No configuration switch. 2026-02-06T15:04:24.541 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x22, Changed: 0 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-06T15:04:24.541 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-06T15:04:24.542 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-06T15:04:24.542 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-06T15:04:24.542 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-06T15:04:24.640 [NRI] Stopping NIS service ... 2026-02-06T15:04:24.641 [NRI] Stopping NIS service ... 2026-02-06T15:04:24.641 [NRI] Stopping NIS service ... 2026-02-06T15:04:24.642 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-06T15:04:24.642 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-06T15:04:24.642 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-06T15:04:24.642 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-06T15:04:24.642 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-06T15:04:24.642 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-06T15:04:24.642 [NRI] Stopping NIS service ... 2026-02-06T15:04:24.643 [NRI] Stopping NIS service ... 2026-02-06T15:04:24.753 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-06T15:04:24.753 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-06T15:04:24.753 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-06T15:04:26.557 Job Notification: New process added to job (9596) 2026-02-06T15:04:27.045 [RTP] Duplicating the current plugin configuration object... 2026-02-06T15:04:27.045 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-06T15:04:27.045 [RTP] Updating plugin configuration due to recent config changes (0x41e) ... 2026-02-06T15:04:27.045 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-06T15:04:27.160 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x41e, Changed: 0x218 2026-02-06T15:04:28.012 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-06T15:04:28.212 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-06T15:04:33.007 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-06T15:04:33.314 Job Notification: Process exited from job (9596) 2026-02-06T15:04:33.598 [AutoPurge] Verification Routine tasks have ended. 2026-02-06T15:04:36.435 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-06T15:04:37.055 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-06T15:04:37.290 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-06T15:04:39.898 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-06T15:04:40.322 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-06T15:04:43.714 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\winsxs\amd64_microsoft-windows-mtf_31bf3856ad364e35_10.0.17763.7919_none_f5cf7ad52d5df808\mtf.dll", hr=0x0 2026-02-06T15:04:46.054 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-06T15:04:53.524 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-06T15:04:53.936 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-06T15:04:54.061 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-06T15:04:56.841 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-06T15:04:57.860 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-06T15:04:57.983 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-06T15:04:58.608 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-06T15:04:59.019 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-06T15:04:59.798 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-06T15:05:05.845 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-06T15:05:09.879 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-06T15:05:10.056 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-06T15:05:10.131 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-06T15:05:11.219 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\system32\wlrmdr.exe", hr=0x0 2026-02-06T15:05:13.085 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-06T15:05:14.283 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-06T15:05:14.899 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-06T15:05:15.200 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-06T15:05:15.218 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-06T15:05:15.485 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-06T15:05:16.487 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-06T15:05:17.889 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-06T15:05:19.129 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-06T15:05:19.768 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-06T15:05:20.200 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-06T15:05:20.330 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-06T15:05:20.619 Engine:Setting original file name "msfltr32.acm" for "c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7\msacm32.dll", hr=0x0 2026-02-06T15:05:21.762 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-06T15:05:23.188 Engine:Setting original file name "gdi32" for "c:\windows\syswow64\gdi32full.dll", hr=0x0 2026-02-06T15:05:25.061 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-06T15:05:28.202 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-06T15:05:29.243 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 2026-02-06T15:05:30.226 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-06T15:05:30.553 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-06T15:05:31.505 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-06T15:05:31.636 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-06T15:05:32.005 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-06T15:05:32.660 Engine:Setting original file name "osloader.exe" for "c:\windows\system32\winload.exe", hr=0x0 2026-02-06T15:05:34.842 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-06T15:05:35.410 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-06T15:05:35.450 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-06T15:05:37.147 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-06T15:05:38.679 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-06T15:05:39.744 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-06T15:05:39.973 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-06T15:05:40.482 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-06T15:05:41.843 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-06T15:05:42.438 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-06T15:05:43.605 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-06T15:05:45.513 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-06T15:05:45.738 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-06T15:05:45.887 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-06T15:05:47.351 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-06T15:05:50.920 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-06T15:05:50.988 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-06T15:05:52.048 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-06T15:05:53.036 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-06T15:05:53.442 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-06T15:05:53.689 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-06T15:05:53.856 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-06T15:05:54.012 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-06T15:05:54.709 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-06T15:05:54.994 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-06T15:05:56.421 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-06T15:05:58.198 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-06T15:05:59.263 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-06T15:05:59.403 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-06T15:05:59.581 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-06T15:05:59.688 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-06T15:06:00.015 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-06T15:06:00.614 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-06T15:06:02.149 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 2026-02-06T15:06:04.092 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-06T15:06:04.596 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-06T15:06:05.408 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-06T15:06:07.325 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-06T15:06:08.805 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-06T15:06:09.075 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-06T15:06:09.294 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-06T15:06:10.033 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-06T15:06:10.889 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-06T15:06:11.630 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-06T15:06:12.043 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-06T15:06:12.766 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-06T15:06:12.941 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-06T15:06:14.677 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-06T15:06:16.187 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-06T15:06:17.276 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-06T15:06:17.390 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-06T15:06:19.057 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-06T15:06:21.148 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-06T15:06:23.172 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-06T15:06:24.641 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-06T15:06:26.128 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-06T15:06:26.139 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-06T15:06:27.378 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-06T15:06:27.650 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-06T15:06:27.667 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-06T15:06:27.864 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-06T15:06:28.920 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-06T15:06:30.665 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-06T15:06:33.679 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-06T15:06:34.157 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-06T15:06:36.919 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-06T15:06:36.962 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-06T15:06:37.227 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-06T15:06:38.937 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-06T15:06:39.977 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-06T15:06:42.599 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-06T15:06:42.740 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-06T15:06:43.033 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-06T15:06:43.491 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-06T15:06:43.967 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-06T15:06:44.722 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-06T15:06:47.847 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-06T15:06:48.406 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-06T15:06:49.702 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-06T15:06:50.458 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-06T15:06:51.300 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-06T15:06:51.844 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-06T15:06:54.049 Engine:Setting original file name "security.dll" for "c:\windows\syswow64\sspicli.dll", hr=0x0 2026-02-06T15:06:55.947 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-06T15:06:57.703 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-06T15:06:58.206 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-06T15:07:01.563 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-06T15:07:02.647 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-06T15:07:03.798 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-06T15:07:03.891 Engine:Setting original file name "user32" for "c:\windows\system32\user32.dll", hr=0x0 2026-02-06T15:07:03.902 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-06T15:07:06.208 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-06T15:07:07.336 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-06T15:07:08.450 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-06T15:07:08.652 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-06T15:07:09.235 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-06T15:07:09.366 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-06T15:07:09.704 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\x86_netfx4-mscoree_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_d337c9373f0e13b8\mscoree.tlb", hr=0x0 2026-02-06T15:07:15.882 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-06T15:07:16.399 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-06T15:07:17.423 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-06T15:07:19.496 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-06T15:07:19.736 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-06T15:07:20.461 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-06T15:07:22.505 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-06T15:07:22.980 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-06T15:07:23.294 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-06T15:07:24.515 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-06T15:07:26.408 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-06T15:07:27.040 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-06T15:07:27.173 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-06T15:07:27.256 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-06T15:07:27.321 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-06T15:07:28.540 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-06T15:07:28.617 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-06T15:07:29.149 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-06T15:07:31.208 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-06T15:07:31.529 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-06T15:07:32.146 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-06T15:07:32.996 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-06T15:07:33.525 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-06T15:07:36.859 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-06T15:07:38.124 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-06T15:07:38.559 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-06T15:07:39.473 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-06T15:07:39.743 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-06T15:07:42.203 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-06T15:07:42.548 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-06T15:07:45.875 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-06T15:07:46.484 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-06T15:07:46.863 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-06T15:07:47.212 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-06T15:07:47.727 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-06T15:07:48.153 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-06T15:07:49.251 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-06T15:07:54.031 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-06T15:07:54.869 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-06T15:07:54.884 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 2026-02-06T15:07:56.005 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-06T15:07:56.185 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-06T15:07:57.040 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-06T15:08:00.848 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\syswow64\appventsubsystems32.dll", hr=0x0 2026-02-06T15:08:01.219 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-06T15:08:02.783 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-06T15:08:03.221 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-06T15:08:03.407 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-06T15:08:03.564 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-06T15:08:03.829 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-06T15:08:03.969 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-06T15:08:06.138 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-06T15:08:06.606 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-06T15:08:06.651 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-06T15:08:06.799 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\system32\appventsubsystems64.dll", hr=0x0 2026-02-06T15:08:07.155 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-06T15:08:08.195 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-06T15:08:08.348 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-06T15:08:09.333 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-06T15:08:10.997 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-06T15:08:11.159 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-06T15:08:12.534 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-06T15:08:14.465 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-06T15:08:16.131 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-06T15:08:16.282 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-06T15:08:17.496 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-06T15:08:17.571 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-06T15:08:18.907 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-06T15:08:19.973 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-06T15:08:20.213 Engine:Setting original file name "WMIC.exe" for "c:\windows\winsxs\wow64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.17763.1_none_9cc4699659612012\wmic.exe", hr=0x0 2026-02-06T15:08:20.691 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-06T15:08:22.570 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-06T15:08:23.182 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-06T15:08:23.408 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-06T15:08:24.751 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-06T15:08:26.015 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-06T15:08:28.022 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-06T15:08:28.744 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-06T15:08:29.286 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-06T15:08:30.488 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\winsxs\wow64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.17763.2145_none_9b5bd494641118e6\devobj.dll", hr=0x0 2026-02-06T15:08:30.555 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-06T15:08:35.483 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-06T15:08:36.152 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-06T15:08:37.810 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-06T15:08:38.605 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-06T15:08:39.732 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-06T15:08:41.164 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-06T15:08:45.305 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-06T15:08:45.618 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-06T15:08:46.036 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-06T15:08:46.656 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-06T15:08:46.973 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-06T15:08:50.523 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-06T15:08:50.753 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-06T15:08:52.104 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-06T15:08:53.076 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-06T15:08:53.363 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-06T15:08:54.720 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-06T15:08:55.127 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-06T15:08:56.193 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-06T15:08:56.596 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-06T15:09:01.731 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-06T15:09:04.207 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-06T15:09:04.646 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.17763.1_en-us_c2c2ce7a9a17fba3\tstheme.exe.mui", hr=0x0 2026-02-06T15:09:07.145 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-06T15:09:07.222 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-06T15:09:07.462 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-06T15:09:08.545 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-06T15:09:08.775 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-06T15:09:08.881 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-06T15:09:13.424 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-06T15:09:13.445 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-06T15:09:13.782 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-06T15:09:16.419 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-06T15:09:16.692 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-06T15:09:18.167 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-06T15:09:19.436 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-06T15:09:19.713 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-06T15:09:20.569 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-06T15:09:21.188 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-06T15:09:21.585 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-06T15:09:22.046 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-06T15:09:24.911 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-06T15:09:27.237 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-06T15:09:28.061 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-06T15:09:28.492 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-06T15:09:29.061 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-06T15:09:29.197 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-06T15:09:30.465 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-06T15:09:32.530 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-06T15:09:42.431 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-06T15:09:43.362 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-06T15:09:44.255 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-06T15:09:44.789 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-06T15:09:45.315 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-06T15:09:47.381 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-06T15:09:47.585 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-06T15:09:47.672 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-06T15:09:51.211 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-06T15:09:52.537 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 2026-02-06T15:09:53.268 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-06T15:09:53.473 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-06T15:09:55.767 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-06T15:09:56.027 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-06T15:09:56.130 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-06T15:09:56.721 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-06T15:09:57.023 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-06T15:09:57.619 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-06T15:09:58.007 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\system32\sgrmenclave_secure.dll", hr=0x0 2026-02-06T15:10:01.517 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-06T15:10:04.662 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-06T15:10:05.340 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-06T15:10:05.720 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-06T15:10:05.975 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-06T15:10:07.097 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-06T15:10:07.904 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-06T15:10:10.784 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-06T15:10:13.312 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-06T15:10:13.907 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-06T15:10:14.321 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-06T15:10:14.547 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-06T15:10:15.353 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-06T15:10:16.407 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-06T15:10:17.471 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-06T15:10:18.274 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-06T15:10:18.299 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-06T15:10:18.858 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-06T15:10:19.296 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-06T15:10:19.343 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-06T15:10:19.387 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-06T15:10:20.400 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T15:10:23.450 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l2-1-0.dll", hr=0x0 2026-02-06T15:10:23.566 Engine:Setting original file name "ADs" for "c:\windows\system32\en-us\activeds.dll.mui", hr=0x0 2026-02-06T15:10:23.835 OriginalFileName Maintenance::8844 files in Moac, 0 skipped (cached), 318 filename set 2026-02-06T15:10:23.835 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-06T15:25:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T15:40:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T15:55:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T16:10:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T16:25:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T16:40:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T16:55:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T17:11:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T17:26:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T17:41:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T17:56:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T18:11:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T18:26:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T18:41:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T18:56:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T19:11:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T19:23:55.387 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-06T19:23:55.388 Job Notification: New process added to job (6564) 2026-02-06T19:23:55.390 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-06T19:23:55.391 Aggressive catchup quick scan threshold: 728653010418 / 25920000000000 2026-02-06T19:23:55.452 Job Notification: New process added to job (16184) 2026-02-06T19:23:55.462 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:6564] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:16184]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-06T19:23:55.612 Job Notification: New process added to job (5268) 2026-02-06T19:23:55.612 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-06T19:23:55.613 Job Notification: New process added to job (2836) 2026-02-06T19:23:55.617 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:5268] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:2836]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-06T19:23:55.894 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-06T19:23:55.894 [RTP] Duplicating the current plugin configuration object... 2026-02-06T19:23:55.894 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-06T19:23:55.894 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-06T19:23:55.894 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-06T19:23:55.894 [RTP] No config change detected. Not updating plugin configuration. 2026-02-06T19:23:55.894 [RTP] No config changes found. No configuration switch. 2026-02-06T19:23:55.894 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-06T19:24:43.881 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\BAD8454A-1D47-4BE7-943E-A45483D3598930e0.1dc979e3c26e7ed 2026-02-06T19:24:44.242 Verifying engine and signature files (source: 0) ... 2026-02-06T19:24:44.242 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpengine.dll] due to PPL. 2026-02-06T19:24:44.242 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpasbase.vdm] (file in cache) 2026-02-06T19:24:44.242 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-06T19:24:44.425 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpasdlta.vdm] 2026-02-06T19:24:44.425 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpavbase.vdm] (file in cache) 2026-02-06T19:24:44.479 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-06T19:24:44.504 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpavdlta.vdm] 2026-02-06T19:24:44.767 [Engine] IsHybridMode: 0 2026-02-06T19:24:44.791 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-06T19:24:44.962 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-79D672483D3752498CFDA35B53576101CC7ADEA6.bin): 0x00000002 2026-02-06T19:24:44.963 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-79D672483D3752498CFDA35B53576101CC7ADEA6.bin) 2026-02-06T19:24:44.963 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-06T19:24:44.963 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-06T19:24:44.963 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-06T19:24:44.963 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-06T19:25:06.158 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-06T19:25:06.171 [AutoExclusion] Applied roles from cache. 2026-02-06T19:25:06.171 [AutoExclusion] Started roles monitoring. 2026-02-06T19:25:06.231 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FF926286240, lRefCount: 5, hr=0 2026-02-06T19:25:06.238 [Engine] New active engine 00007FF924A86240 replacing engine 00007FF926286240. Number of active engines: 2 2026-02-06T19:25:06.247 EngineInit:Global ASOC is enabled 2026-02-06T19:25:06.247 EngineInit:ASOO is enabled for developer volumes 2026-02-06T19:25:06.433 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-06T19:25:06.433 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.433 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-06T19:25:06.434 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-06T19:25:06.434 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-06T19:25:06.434 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.435 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.435 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.435 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-06T19:25:06.436 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.436 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-06T19:25:06.436 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.437 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.437 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.437 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.438 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.438 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.438 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.439 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-06T19:25:06.454 MpWriteUupSignatureVersion 1.443.1036.0, hr = 0 2026-02-06T19:25:06.454 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-06T19:25:06.463 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-06T19:25:06.492 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-06T19:25:06.492 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-06T19:25:06.492 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-06T19:25:06.503 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-06T19:25:06.503 [Plugin] Initializing RTP plugin state... 2026-02-06T19:25:06.503 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-06T19:25:06.503 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎05‎-‎2026 22:26:33 Last Perf:‎02‎-‎05‎-‎2026 22:26:32 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,5,0 SetEngine:1,1,0 SetState:0,1,0 SetUser:0,0,0 Config:0,2,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:280640 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:269210 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:2822 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:-1365818779 TotalHits:0 InstanceCacheInserts:226156 InstanceCacheUpdates:0 InstanceCacheDeletes:82354 InstanceCacheHits:3278 InstanceCacheMisses:1548293 InstanceCacheOverflows:140406 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-06T19:25:06.503 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9} 2026-02-06T19:25:06.503 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2}\mpasbase.vdm in use, hr=0x80070020 2026-02-06T19:25:06.503 [SCC][CID=865806671_10724] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-06T19:25:06.504 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.504 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.504 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.504 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-06T19:25:06.504 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.504 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-06-2026 19:25:06 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-06-2026 19:25:06 2026-02-06T19:25:06.533 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-06T19:25:06.533 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-06T19:25:06.534 [NRI] Stopping NIS service ... 2026-02-06T19:25:06.534 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.534 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.534 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.534 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-06T19:25:06.534 MdCoreSvc is supported in this platform and OS Signature updated on 02-06-2026 19:25:06 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1036.0 AV Signature Version: 1.443.1036.0 ************************************************************ 2026-02-06T19:25:06.536 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-06T19:25:06.536 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\BAD8454A-1D47-4BE7-943E-A45483D3598930e0.1dc979e3c26e7ed 2026-02-06T19:25:06.538 Process scan (postsignatureupdatescan) started. 2026-02-06T19:25:06.539 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-06T19:25:06.539 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-06T19:25:06.636 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-06T19:25:06.636 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-06T19:25:06.636 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-06T19:25:06.636 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-06T19:25:06.636 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-06T19:25:06.732 [Engine] Engine 00007FF926286240 no longer in use. Number of active engines: 1 2026-02-06T19:25:06.732 [RTP] [RTP] FilterCommunicator object 0x00000200AE3185E0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-06T19:25:06.960 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-06T19:25:06.963 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-06T19:25:06.963 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-06T19:25:06.963 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-06T19:25:06.963 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-06T19:25:06.963 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-06T19:25:06.963 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-06T19:25:06.965 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-06T19:25:06.965 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-06T19:25:06.965 [NRI] Stopping NIS service ... 2026-02-06T19:25:06.965 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-06T19:25:07.002 [RTP] Duplicating the current plugin configuration object... 2026-02-06T19:25:07.002 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-06T19:25:07.002 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-06T19:25:07.002 [RTP] Updating plugin configuration due to recent config changes (0x22) ... 2026-02-06T19:25:07.002 [NRI] Stopping NIS service ... 2026-02-06T19:25:07.002 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-06T19:25:07.003 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-06T19:25:07.003 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-06T19:25:07.003 [RTP] No config change detected. Not updating plugin configuration. 2026-02-06T19:25:07.003 [RTP] No config changes found. No configuration switch. 2026-02-06T19:25:07.003 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x22, Changed: 0 2026-02-06T19:25:07.003 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-06T19:25:07.003 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-06T19:25:07.003 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-06T19:25:07.003 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-06T19:25:07.003 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-06T19:25:07.003 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-06T19:25:07.003 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-06T19:25:07.003 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-06T19:25:07.003 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-06T19:25:07.003 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-06T19:25:07.003 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-06T19:25:07.003 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-06T19:25:07.003 [NRI] Stopping NIS service ... 2026-02-06T19:25:07.004 [NRI] Stopping NIS service ... 2026-02-06T19:25:07.004 [NRI] Stopping NIS service ... Signature updated via MicrosoftUpdateServer on 02-06-2026 19:25:07 ************************************************************ 2026-02-06T19:25:07.433 Job Notification: Process exited from job (6564) 2026-02-06T19:25:07.433 Job Notification: Process exited from job (16184) 2026-02-06T19:25:07.844 Job Notification: Process exited from job (5268) 2026-02-06T19:25:07.845 Job Notification: Process exited from job (2836) 2026-02-06T19:25:09.506 [RTP] Duplicating the current plugin configuration object... 2026-02-06T19:25:09.506 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-06T19:25:09.506 [RTP] Updating plugin configuration due to recent config changes (0x40c) ... 2026-02-06T19:25:09.506 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-06T19:25:09.549 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x40c, Changed: 0x218 2026-02-06T19:25:18.374 [Engine] RSIG_UNLOADENGINE, 00007FF926286240, err=0x0 2026-02-06T19:25:18.437 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F425C1D5-7997-4210-BFA5-62A321BA45D2} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-06T19:25:50.858 Process scan (postsignatureupdatescan) completed. 2026-02-06T19:26:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T19:30:06.386 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-06T19:41:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T19:56:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T20:12:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T20:27:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T20:42:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T20:57:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T21:12:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T21:27:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T21:42:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T21:57:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T22:12:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T22:27:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T22:42:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T22:57:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T23:09:30.007 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:A5E53CBC-A902-42E1-8731-F022120CFC35, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-06T23:09:30.007 Scheduled scan with Id A5E53CBC-A902-42E1-8731-F022120CFC35 configured CPU priority: normal (LowCpuPriority: 0) 2026-02-06T23:09:30.025 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-06T23:09:30.025 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e 2026-02-06T23:11:06.977 Engine:Triggered AR EMS scan 2026-02-06T23:11:06.987 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.033 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.036 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.051 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.053 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.055 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.064 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.068 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.070 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.071 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.072 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.073 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.076 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.090 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.092 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.093 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.095 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.097 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.100 Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.104 Engine:EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.106 Engine:EMS scan for process: svchost pid: 1796, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.107 Engine:EMS scan for process: svchost pid: 1912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.108 Engine:EMS scan for process: svchost pid: 1960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.110 Engine:EMS scan for process: svchost pid: 2020, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.112 Engine:EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.123 Engine:EMS scan for process: svchost pid: 2068, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.127 Engine:EMS scan for process: svchost pid: 2144, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.129 Engine:EMS scan for process: svchost pid: 2152, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.130 Engine:EMS scan for process: svchost pid: 2340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.132 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.137 Engine:EMS scan for process: svchost pid: 2444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.138 Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.140 Engine:EMS scan for process: svchost pid: 2860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.141 Engine:EMS scan for process: svchost pid: 2948, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.145 Engine:EMS scan for process: svchost pid: 2632, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.148 Engine:EMS scan for process: svchost pid: 3268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.152 Engine:EMS scan for process: svchost pid: 3308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.158 Engine:EMS scan for process: svchost pid: 3316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.160 Engine:EMS scan for process: services pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.188 Engine:EMS scan for process: svchost pid: 3356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.189 Engine:EMS scan for process: svchost pid: 3364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.192 Engine:EMS scan for process: svchost pid: 3376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.194 Engine:EMS scan for process: svchost pid: 3384, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.197 Engine:EMS scan for process: svchost pid: 3392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.199 Engine:EMS scan for process: svchost pid: 3400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.200 Engine:EMS scan for process: svchost pid: 3408, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.202 Engine:EMS scan for process: svchost pid: 3416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.202 Engine:EMS scan for process: svchost pid: 3584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.204 Engine:EMS scan for process: svchost pid: 4148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.206 Engine:EMS scan for process: svchost pid: 4320, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.211 Engine:EMS scan for process: svchost pid: 4396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.213 Engine:EMS scan for process: svchost pid: 4568, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.215 Engine:EMS scan for process: svchost pid: 5448, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.217 Engine:EMS scan for process: dllhost pid: 2480, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.220 Engine:EMS scan for process: svchost pid: 7148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.222 Engine:EMS scan for process: svchost pid: 1356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.224 Engine:EMS scan for process: svchost pid: 1084, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.226 Engine:EMS scan for process: svchost pid: 6444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.229 Engine:EMS scan for process: svchost pid: 1924, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.232 Engine:EMS scan for process: svchost pid: 7616, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.234 Engine:EMS scan for process: svchost pid: 7768, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.240 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.243 Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.246 Engine:EMS scan for process: svchost pid: 8332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.258 Engine:EMS scan for process: svchost pid: 8168, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.261 Engine:EMS scan for process: svchost pid: 7980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.264 Engine:EMS scan for process: svchost pid: 7700, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.265 Engine:EMS scan for process: svchost pid: 12000, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.268 Engine:EMS scan for process: svchost pid: 7692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.271 Engine:EMS scan for process: svchost pid: 13524, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.276 Engine:EMS scan for process: dllhost pid: 12048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.278 Engine:EMS scan for process: dllhost pid: 13580, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.279 Engine:EMS scan for process: svchost pid: 7696, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.280 Engine:EMS scan for process: svchost pid: 12648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.282 Engine:EMS scan for process: svchost pid: 8216, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.283 Engine:EMS scan for process: svchost pid: 7244, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.285 Engine:EMS scan for process: svchost pid: 12008, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.290 Engine:EMS scan for process: svchost pid: 14264, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.292 Engine:EMS scan for process: svchost pid: 15100, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.298 Engine:EMS scan for process: explorer pid: 13680, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.344 Engine:EMS scan for process: svchost pid: 12692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.346 Engine:EMS scan for process: explorer pid: 6376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.361 Engine:EMS scan for process: svchost pid: 15736, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.363 Engine:EMS scan for process: svchost pid: 816, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.364 Engine:EMS scan for process: svchost pid: 8148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-06T23:11:07.365 Engine:EMS scan for process: svchost pid: 1488, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 2026-02-06T23:13:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-06T23:15:45.692 QuickScan:ScanID:A5E53CBC-A902-42E1-8731-F022120CFC35: Quick scan finished with error 0 2026-02-06T23:15:46.268 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-06T23:15:46.268 [RTP] Duplicating the current plugin configuration object... 2026-02-06T23:15:46.268 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-06T23:15:46.268 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-06T23:15:46.293 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-06T23:15:46.293 [RTP] No config change detected. Not updating plugin configuration. 2026-02-06T23:15:46.293 [RTP] No config changes found. No configuration switch. 2026-02-06T23:15:46.293 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-06T23:28:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T23:43:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-06T23:58:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T00:13:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T00:28:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T00:43:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T00:58:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T01:13:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T01:28:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T01:43:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T01:58:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T02:14:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T02:29:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T02:44:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T02:59:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T03:14:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T03:29:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T03:44:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T03:59:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T04:14:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T04:29:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T04:44:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T04:59:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T05:15:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T05:30:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T05:45:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T06:00:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T06:15:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T06:30:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T06:45:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T07:00:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T07:15:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T07:30:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T07:45:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T08:00:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T08:16:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T08:31:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T08:46:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T09:01:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T09:16:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T09:31:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T09:46:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T10:01:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T10:16:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T10:31:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T10:46:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T11:01:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T11:17:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T11:32:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T11:47:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T12:02:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T12:17:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T12:32:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T12:47:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T13:02:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T13:17:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T13:32:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T13:47:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T14:02:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T14:18:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T14:33:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T14:48:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T15:03:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T15:18:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T15:33:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T15:48:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T16:03:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T16:18:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T16:33:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T16:48:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T17:03:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T17:04:21.997 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-07T17:04:21.997 [AutoPurge] Cleanup Routine tasks have started. 2026-02-07T17:04:21.997 [AutoPurge] Verification Routine tasks have started. 2026-02-07T17:04:21.997 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-07T17:04:21.997 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-07T17:04:21.997 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-07T17:04:21.997 [AutoPurge] MpSignalMaintenanceMode ...ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-07T17:04:23.018 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-07T17:04:23.180 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-07T17:04:23.219 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-07-2026 17:04:23 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-07-2026 17:04:23 2026-02-07T17:04:23.613 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-07T17:04:23.613 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-07T17:04:23.613 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-07T17:04:23.613 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-07T17:04:23.614 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-07T17:04:23.614 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-07T17:04:25.030 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-07T17:04:25.031 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-07T17:04:25.116 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-07T17:04:25.127 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-07T17:04:25.180 [AutoPurge] Removing expired default signature package ... 2026-02-07T17:04:29.636 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-07T17:04:29.819 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-07T17:04:29.998 Job Notification: New process added to job (12096) 2026-02-07T17:04:34.539 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-07T17:04:39.923 Job Notification: Process exited from job (12096) 2026-02-07T17:04:40.084 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-07T17:04:40.938 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-07T17:04:41.165 [AutoPurge] Verification Routine tasks have ended. 2026-02-07T17:04:41.530 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-07T17:04:46.322 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-07T17:04:46.872 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-07T17:04:51.240 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\winsxs\amd64_microsoft-windows-mtf_31bf3856ad364e35_10.0.17763.7919_none_f5cf7ad52d5df808\mtf.dll", hr=0x0 2026-02-07T17:04:54.858 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-07T17:05:06.329 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-07T17:05:06.731 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-07T17:05:06.877 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-07T17:05:10.884 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-07T17:05:12.082 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-07T17:05:12.198 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-07T17:05:13.036 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-07T17:05:13.721 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-07T17:05:14.624 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-07T17:05:22.470 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-07T17:05:27.802 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-07T17:05:28.068 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-07T17:05:28.128 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-07T17:05:29.249 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\winsxs\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.17763.1697_none_e1e870c05edca249\wlrmdr.exe", hr=0x0 2026-02-07T17:05:31.160 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-07T17:05:32.303 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-07T17:05:32.815 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-07T17:05:33.042 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-07T17:05:33.064 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-07T17:05:33.297 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-07T17:05:34.140 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-07T17:05:35.392 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-07T17:05:35.464 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\chrmstp.exe", hr=0x0 2026-02-07T17:05:36.574 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-07T17:05:37.099 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-07T17:05:37.646 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-07T17:05:37.768 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-07T17:05:38.022 Engine:Setting original file name "msfltr32.acm" for "c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7\msacm32.dll", hr=0x0 2026-02-07T17:05:38.985 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-07T17:05:39.732 Engine:Setting original file name "gdi32" for "c:\windows\syswow64\gdi32full.dll", hr=0x0 2026-02-07T17:05:42.156 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-07T17:05:45.156 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-07T17:05:46.096 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 2026-02-07T17:05:46.763 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-07T17:05:46.981 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-07T17:05:47.713 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-07T17:05:47.798 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-07T17:05:47.996 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-07T17:05:48.389 Engine:Setting original file name "osloader.exe" for "c:\windows\system32\winload.exe", hr=0x0 2026-02-07T17:05:50.148 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-07T17:05:50.463 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-07T17:05:50.486 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-07T17:05:51.957 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-07T17:05:53.195 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-07T17:05:53.981 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-07T17:05:54.267 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-07T17:05:54.741 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-07T17:05:55.911 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-07T17:05:56.121 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-07T17:05:57.115 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-07T17:05:58.606 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-07T17:05:58.783 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-07T17:05:58.892 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-07T17:06:00.181 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-07T17:06:03.071 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-07T17:06:03.121 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-07T17:06:04.043 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-07T17:06:04.883 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-07T17:06:05.110 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-07T17:06:05.333 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-07T17:06:05.431 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-07T17:06:05.494 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-07T17:06:05.852 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-07T17:06:06.078 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-07T17:06:07.456 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-07T17:06:08.820 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-07T17:06:09.685 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-07T17:06:09.820 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-07T17:06:09.960 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-07T17:06:09.980 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-07T17:06:10.073 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-07T17:06:10.540 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-07T17:06:11.729 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 2026-02-07T17:06:13.176 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-07T17:06:13.495 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-07T17:06:13.941 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-07T17:06:15.556 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-07T17:06:16.589 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-07T17:06:16.720 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-07T17:06:16.759 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-07T17:06:17.475 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-07T17:06:18.022 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-07T17:06:18.787 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-07T17:06:19.026 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-07T17:06:19.681 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-07T17:06:19.921 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-07T17:06:21.040 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-07T17:06:22.185 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-07T17:06:23.083 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-07T17:06:23.111 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-07T17:06:24.577 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-07T17:06:26.222 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-07T17:06:27.478 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-07T17:06:28.755 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-07T17:06:29.990 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-07T17:06:30.005 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-07T17:06:31.061 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-07T17:06:31.283 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-07T17:06:31.297 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-07T17:06:31.453 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-07T17:06:32.519 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-07T17:06:33.764 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-07T17:06:36.162 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-07T17:06:36.538 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-07T17:06:38.524 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-07T17:06:38.553 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-07T17:06:38.876 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-07T17:06:40.485 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-07T17:06:41.036 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-07T17:06:42.610 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-07T17:06:42.750 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-07T17:06:43.171 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-07T17:06:43.455 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-07T17:06:43.803 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-07T17:06:44.410 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-07T17:06:47.224 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-07T17:06:47.670 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-07T17:06:48.605 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-07T17:06:49.033 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-07T17:06:49.701 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-07T17:06:50.209 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-07T17:06:52.198 Engine:Setting original file name "security.dll" for "c:\windows\syswow64\sspicli.dll", hr=0x0 2026-02-07T17:06:53.484 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-07T17:06:54.983 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-07T17:06:55.520 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-07T17:06:58.094 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-07T17:06:58.955 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-07T17:06:59.906 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-07T17:06:59.962 Engine:Setting original file name "user32" for "c:\windows\system32\user32.dll", hr=0x0 2026-02-07T17:06:59.973 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-07T17:07:01.837 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-07T17:07:02.992 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-07T17:07:04.088 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-07T17:07:04.254 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-07T17:07:04.641 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-07T17:07:04.844 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-07T17:07:05.267 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\x86_netfx4-mscoree_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_d337c9373f0e13b8\mscoree.tlb", hr=0x0 2026-02-07T17:07:10.375 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-07T17:07:10.754 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-07T17:07:11.849 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-07T17:07:13.758 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-07T17:07:13.968 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-07T17:07:14.569 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-07T17:07:16.181 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-07T17:07:16.409 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-07T17:07:16.773 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-07T17:07:17.966 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-07T17:07:19.605 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-07T17:07:20.202 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-07T17:07:20.271 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-07T17:07:20.346 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-07T17:07:20.380 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-07T17:07:21.067 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-07T17:07:21.289 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-07T17:07:21.708 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-07T17:07:23.247 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-07T17:07:23.481 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-07T17:07:24.099 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-07T17:07:24.659 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-07T17:07:25.083 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-07T17:07:27.644 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-07T17:07:28.699 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-07T17:07:29.195 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-07T17:07:29.860 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-07T17:07:30.096 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-07T17:07:31.785 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-07T17:07:31.991 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-07T17:07:34.942 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-07T17:07:35.297 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-07T17:07:35.510 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-07T17:07:35.707 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-07T17:07:36.254 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-07T17:07:36.570 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-07T17:07:37.170 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-07T17:07:40.985 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-07T17:07:41.718 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-07T17:07:41.728 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 2026-02-07T17:07:42.441 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-07T17:07:42.633 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-07T17:07:43.451 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-07T17:07:45.891 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\syswow64\appventsubsystems32.dll", hr=0x0 2026-02-07T17:07:46.050 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-07T17:07:47.385 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-07T17:07:47.831 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-07T17:07:47.983 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-07T17:07:48.124 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-07T17:07:48.215 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-07T17:07:48.237 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-07T17:07:50.398 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-07T17:07:50.582 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-07T17:07:50.602 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-07T17:07:50.698 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\system32\appventsubsystems64.dll", hr=0x0 2026-02-07T17:07:50.878 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-07T17:07:51.762 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-07T17:07:51.845 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-07T17:07:52.526 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-07T17:07:53.963 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-07T17:07:54.164 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-07T17:07:54.977 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-07T17:07:56.495 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-07T17:07:57.807 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-07T17:07:58.017 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-07T17:07:58.792 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-07T17:07:58.845 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-07T17:08:00.040 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-07T17:08:01.155 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-07T17:08:01.306 Engine:Setting original file name "WMIC.exe" for "c:\windows\winsxs\wow64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.17763.1_none_9cc4699659612012\wmic.exe", hr=0x0 2026-02-07T17:08:01.497 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-07T17:08:03.087 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-07T17:08:03.589 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-07T17:08:03.867 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-07T17:08:04.685 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-07T17:08:05.723 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-07T17:08:07.205 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-07T17:08:07.719 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-07T17:08:07.966 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-07T17:08:08.748 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\winsxs\wow64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.17763.2145_none_9b5bd494641118e6\devobj.dll", hr=0x0 2026-02-07T17:08:08.787 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-07T17:08:12.482 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-07T17:08:13.035 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-07T17:08:13.976 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-07T17:08:14.868 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-07T17:08:15.646 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-07T17:08:16.362 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\setup.exe", hr=0x0 2026-02-07T17:08:16.688 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-07T17:08:20.123 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-07T17:08:20.291 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-07T17:08:20.523 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-07T17:08:20.951 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-07T17:08:21.505 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-07T17:08:24.314 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-07T17:08:24.489 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-07T17:08:25.561 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-07T17:08:26.194 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-07T17:08:26.383 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-07T17:08:27.611 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-07T17:08:28.009 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-07T17:08:28.782 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-07T17:08:29.127 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-07T17:08:32.438 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-07T17:08:34.314 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-07T17:08:34.655 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.17763.1_en-us_c2c2ce7a9a17fba3\tstheme.exe.mui", hr=0x0 2026-02-07T17:08:36.559 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-07T17:08:36.619 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-07T17:08:36.777 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-07T17:08:37.409 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-07T17:08:37.780 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-07T17:08:37.887 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-07T17:08:40.960 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-07T17:08:40.975 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-07T17:08:41.229 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-07T17:08:43.507 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-07T17:08:43.755 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-07T17:08:44.922 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-07T17:08:45.819 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-07T17:08:46.067 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-07T17:08:46.766 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-07T17:08:47.290 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-07T17:08:47.405 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-07T17:08:47.758 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-07T17:08:50.049 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-07T17:08:51.600 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-07T17:08:52.078 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-07T17:08:52.339 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-07T17:08:52.837 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-07T17:08:52.957 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-07T17:08:53.901 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-07T17:08:55.662 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-07T17:09:02.283 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-07T17:09:02.840 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-07T17:09:03.257 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-07T17:09:03.782 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-07T17:09:04.242 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-07T17:09:05.972 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-07T17:09:06.139 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-07T17:09:06.224 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-07T17:09:09.008 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-07T17:09:09.948 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 2026-02-07T17:09:10.442 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-07T17:09:10.592 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-07T17:09:12.698 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-07T17:09:12.964 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-07T17:09:13.132 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-07T17:09:13.685 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-07T17:09:13.929 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-07T17:09:14.513 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-07T17:09:14.876 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\system32\sgrmenclave_secure.dll", hr=0x0 2026-02-07T17:09:17.613 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-07T17:09:20.430 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-07T17:09:20.919 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-07T17:09:21.354 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-07T17:09:21.535 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-07T17:09:22.329 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-07T17:09:22.947 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-07T17:09:25.494 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-07T17:09:27.521 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-07T17:09:28.833 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-07T17:09:29.502 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-07T17:09:29.639 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-07T17:09:30.229 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-07T17:09:31.255 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-07T17:09:32.072 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-07T17:09:33.067 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-07T17:09:33.101 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-07T17:09:33.501 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-07T17:09:34.014 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-07T17:09:34.045 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-07T17:09:34.089 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-07T17:09:37.548 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l2-1-0.dll", hr=0x0 2026-02-07T17:09:37.717 Engine:Setting original file name "ADs" for "c:\windows\system32\en-us\activeds.dll.mui", hr=0x0 2026-02-07T17:09:38.335 OriginalFileName Maintenance::8752 files in Moac, 0 skipped (cached), 320 filename set 2026-02-07T17:09:38.335 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-07T17:13:56.050 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-07T17:13:56.156 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-07T17:13:56.156 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-07T17:13:56.156 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-07T17:13:56.156 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-07T17:13:56.194 [NRI] Stopping NIS service ... 2026-02-07T17:13:56.195 [NRI] Stopping NIS service ... 2026-02-07T17:13:56.196 [NRI] Stopping NIS service ... 2026-02-07T17:13:56.196 [NRI] Stopping NIS service ... 2026-02-07T17:13:56.197 [NRI] Stopping NIS service ... 2026-02-07T17:13:56.278 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-07T17:13:56.278 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-07T17:13:56.278 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-07T17:13:56.301 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-07T17:13:56.301 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-07T17:13:56.301 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-07T17:13:56.317 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-07T17:13:56.317 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-07T17:13:56.317 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-07T17:13:58.660 [RTP] Duplicating the current plugin configuration object... 2026-02-07T17:13:58.660 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-07T17:13:58.660 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-07T17:13:58.660 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-07T17:13:58.660 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-07T17:13:58.708 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-07T17:19:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T17:34:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T17:49:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T18:04:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T18:19:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T18:34:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T18:49:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T19:04:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T19:19:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T19:23:55.387 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-07T19:23:55.388 Job Notification: New process added to job (17672) 2026-02-07T19:23:55.390 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-07T19:23:55.391 Aggressive catchup quick scan threshold: 728653663220 / 25920000000000 2026-02-07T19:23:55.450 Job Notification: New process added to job (13304) 2026-02-07T19:23:55.487 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:17672] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:13304]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-07T19:23:55.684 Job Notification: New process added to job (14212) 2026-02-07T19:23:55.684 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-07T19:23:55.686 Job Notification: New process added to job (11764) 2026-02-07T19:23:55.689 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:14212] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:11764]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-07T19:23:55.901 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-07T19:23:55.901 [RTP] Duplicating the current plugin configuration object... 2026-02-07T19:23:55.901 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-07T19:23:55.901 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-07T19:23:55.901 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-07T19:23:55.901 [RTP] No config change detected. Not updating plugin configuration. 2026-02-07T19:23:55.901 [RTP] No config changes found. No configuration switch. 2026-02-07T19:23:55.901 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-07T19:24:16.416 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\584E2D68-6138-46E2-AF39-2ECC0473CB143760.1dc98675626729e 2026-02-07T19:24:16.722 Verifying engine and signature files (source: 0) ... 2026-02-07T19:24:16.722 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpengine.dll] due to PPL. 2026-02-07T19:24:16.722 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpasbase.vdm] (file in cache) 2026-02-07T19:24:16.722 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-07T19:24:16.780 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpasdlta.vdm] 2026-02-07T19:24:16.780 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpavbase.vdm] (file in cache) 2026-02-07T19:24:16.780 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-07T19:24:16.809 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpavdlta.vdm] 2026-02-07T19:24:17.132 [Engine] IsHybridMode: 0 2026-02-07T19:24:17.147 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-07T19:24:17.347 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-69C0EEBCF8759217B553C86BB4DC203D9C16EACF.bin): 0x00000002 2026-02-07T19:24:17.348 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-69C0EEBCF8759217B553C86BB4DC203D9C16EACF.bin) 2026-02-07T19:24:17.391 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-07T19:24:17.391 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-07T19:24:17.391 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-07T19:24:17.391 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-07T19:24:37.751 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-07T19:24:37.762 [AutoExclusion] Applied roles from cache. 2026-02-07T19:24:37.762 [AutoExclusion] Started roles monitoring. 2026-02-07T19:24:37.817 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FF924A86240, lRefCount: 5, hr=0 2026-02-07T19:24:37.820 [Engine] New active engine 00007FF926286240 replacing engine 00007FF924A86240. Number of active engines: 2 2026-02-07T19:24:37.841 EngineInit:Global ASOC is enabled 2026-02-07T19:24:37.841 EngineInit:ASOO is enabled for developer volumes 2026-02-07T19:24:38.301 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-07T19:24:38.302 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.302 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-07T19:24:38.303 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-07T19:24:38.303 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-07T19:24:38.304 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.304 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.305 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.305 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-07T19:24:38.306 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.306 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-07T19:24:38.307 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.307 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.308 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.308 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.309 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.309 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.309 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.310 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-07T19:24:38.312 MpWriteUupSignatureVersion 1.443.1047.0, hr = 0 2026-02-07T19:24:38.313 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-07T19:24:38.491 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-07T19:24:38.503 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-07T19:24:38.503 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-07T19:24:38.503 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-07T19:24:38.537 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-07T19:24:38.537 [Plugin] Initializing RTP plugin state... 2026-02-07T19:24:38.537 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-07T19:24:38.537 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8} 2026-02-07T19:24:38.537 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎06‎-‎2026 22:25:06 Last Perf:‎02‎-‎06‎-‎2026 22:25:06 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,3,0 SetEngine:1,1,0 SetState:0,1,0 SetUser:0,0,0 Config:0,2,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:273258 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:2705 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:-1307081756 TotalHits:0 InstanceCacheInserts:226683 InstanceCacheUpdates:0 InstanceCacheDeletes:82917 InstanceCacheHits:3352 InstanceCacheMisses:1563639 InstanceCacheOverflows:140406 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-07T19:24:38.538 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9}\mpasbase.vdm in use, hr=0x80070020 2026-02-07T19:24:38.538 [SCC][CID=4753772156_15232] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-07T19:24:38.539 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-07T19:24:38.581 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-07T19:24:38.589 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-07T19:24:38.589 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.589 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.589 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.589 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.589 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-07-2026 19:24:38 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-07-2026 19:24:38 2026-02-07T19:24:38.591 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-07T19:24:38.591 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-07T19:24:38.591 [NRI] Stopping NIS service ... 2026-02-07T19:24:38.592 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.592 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.592 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.592 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-07T19:24:38.592 MdCoreSvc is supported in this platform and OS Signature updated on 02-07-2026 19:24:38 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1047.0 AV Signature Version: 1.443.1047.0 ************************************************************ 2026-02-07T19:24:38.594 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-07T19:24:38.594 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\584E2D68-6138-46E2-AF39-2ECC0473CB143760.1dc98675626729e 2026-02-07T19:24:38.596 Process scan (postsignatureupdatescan) started. 2026-02-07T19:24:38.683 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-07T19:24:38.683 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-07T19:24:38.684 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-07T19:24:38.718 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-07T19:24:38.718 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-07T19:24:38.816 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-07T19:24:38.820 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-07T19:24:38.820 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-07T19:24:38.820 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-07T19:24:38.820 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-07T19:24:38.820 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-07T19:24:38.820 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-07T19:24:38.821 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-07T19:24:38.822 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-07T19:24:38.822 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-07T19:24:38.822 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-07T19:24:38.822 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-07T19:24:38.822 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-07T19:24:38.822 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-07T19:24:38.822 [NRI] Stopping NIS service ... 2026-02-07T19:24:38.822 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-07T19:24:38.822 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-07T19:24:38.822 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-07T19:24:38.822 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-07T19:24:38.822 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-07T19:24:38.822 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-07T19:24:38.822 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-07T19:24:38.822 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-07T19:24:38.822 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-07T19:24:38.822 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-07T19:24:38.822 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-07T19:24:38.822 [NRI] Stopping NIS service ... 2026-02-07T19:24:38.839 [NRI] Stopping NIS service ... 2026-02-07T19:24:38.840 [NRI] Stopping NIS service ... 2026-02-07T19:24:38.840 [NRI] Stopping NIS service ... 2026-02-07T19:24:39.022 [Engine] Engine 00007FF924A86240 no longer in use. Number of active engines: 1 2026-02-07T19:24:39.022 [RTP] [RTP] FilterCommunicator object 0x00000200AE3185E0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt Signature updated via MicrosoftUpdateServer on 02-07-2026 19:24:39 ************************************************************ 2026-02-07T19:24:40.416 Job Notification: Process exited from job (14212) 2026-02-07T19:24:40.417 Job Notification: Process exited from job (11764) 2026-02-07T19:24:40.754 Job Notification: Process exited from job (17672) 2026-02-07T19:24:40.755 Job Notification: Process exited from job (13304) 2026-02-07T19:24:41.525 [RTP] Duplicating the current plugin configuration object... 2026-02-07T19:24:41.525 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-07T19:24:41.525 [RTP] Updating plugin configuration due to recent config changes (0x42e) ... 2026-02-07T19:24:41.525 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-07T19:24:41.525 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-07T19:24:41.525 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x42e, Changed: 0x218 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 2026-02-07T19:24:51.048 [Engine] RSIG_UNLOADENGINE, 00007FF924A86240, err=0x0 2026-02-07T19:24:51.112 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E4F283E-6B13-4799-BE6E-9A1341DE61E9} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A355FB9, sigsha=3c28ee82ab3f56f4141657f4295ad06eea5e80a0, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E320BA841, sigsha=d301e64fc2d3c759849fad38b6dcbd1fbad4d9a5, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E99436E23, sigsha=539bae921a19250dfcb9aeabf43420451f66b909, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A355FB9, sigsha=3c28ee82ab3f56f4141657f4295ad06eea5e80a0, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E320BA841, sigsha=d301e64fc2d3c759849fad38b6dcbd1fbad4d9a5, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E99436E23, sigsha=539bae921a19250dfcb9aeabf43420451f66b909, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-07T19:25:22.535 Process scan (postsignatureupdatescan) completed. 2026-02-07T19:29:38.007 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-07T19:34:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T19:49:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T20:04:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T20:20:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T20:35:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T20:50:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T21:05:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T21:20:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T21:35:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T21:50:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T22:05:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T22:20:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T22:35:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T22:50:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T23:05:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T23:09:29.961 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:745C2317-6A61-4257-8F50-8C67A354BC65, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-07T23:09:29.961 Scheduled scan with Id 745C2317-6A61-4257-8F50-8C67A354BC65 configured CPU priority: normal (LowCpuPriority: 0) 2026-02-07T23:09:29.988 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-07T23:09:29.988 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A355FB9, sigsha=3c28ee82ab3f56f4141657f4295ad06eea5e80a0, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E320BA841, sigsha=d301e64fc2d3c759849fad38b6dcbd1fbad4d9a5, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E99436E23, sigsha=539bae921a19250dfcb9aeabf43420451f66b909, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e 2026-02-07T23:10:58.277 Engine:Triggered AR EMS scan 2026-02-07T23:10:58.285 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.331 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.334 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.345 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.347 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.349 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.356 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.361 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.363 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.364 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.365 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.366 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.369 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.379 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.380 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.382 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.384 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.390 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.391 Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.395 Engine:EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.397 Engine:EMS scan for process: svchost pid: 1796, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.398 Engine:EMS scan for process: svchost pid: 1912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.399 Engine:EMS scan for process: svchost pid: 1960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.401 Engine:EMS scan for process: svchost pid: 2020, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.403 Engine:EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.424 Engine:EMS scan for process: svchost pid: 2068, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.426 Engine:EMS scan for process: svchost pid: 2144, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.429 Engine:EMS scan for process: svchost pid: 2152, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.431 Engine:EMS scan for process: svchost pid: 2340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.432 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.437 Engine:EMS scan for process: svchost pid: 2444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.438 Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.440 Engine:EMS scan for process: svchost pid: 2860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.441 Engine:EMS scan for process: svchost pid: 2948, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.445 Engine:EMS scan for process: svchost pid: 2632, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.449 Engine:EMS scan for process: svchost pid: 3268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.453 Engine:EMS scan for process: svchost pid: 3308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.460 Engine:EMS scan for process: svchost pid: 3316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.463 Engine:EMS scan for process: services pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.489 Engine:EMS scan for process: svchost pid: 3356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.490 Engine:EMS scan for process: svchost pid: 3364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.494 Engine:EMS scan for process: svchost pid: 3376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.497 Engine:EMS scan for process: svchost pid: 3384, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.499 Engine:EMS scan for process: svchost pid: 3392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.501 Engine:EMS scan for process: svchost pid: 3400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.503 Engine:EMS scan for process: svchost pid: 3408, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.504 Engine:EMS scan for process: svchost pid: 3416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.505 Engine:EMS scan for process: svchost pid: 3584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.507 Engine:EMS scan for process: svchost pid: 4148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.510 Engine:EMS scan for process: svchost pid: 4320, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.515 Engine:EMS scan for process: svchost pid: 4396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.518 Engine:EMS scan for process: svchost pid: 4568, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.520 Engine:EMS scan for process: svchost pid: 5448, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.523 Engine:EMS scan for process: dllhost pid: 2480, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.526 Engine:EMS scan for process: svchost pid: 7148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.528 Engine:EMS scan for process: svchost pid: 1356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.529 Engine:EMS scan for process: svchost pid: 1084, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.532 Engine:EMS scan for process: svchost pid: 6444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.534 Engine:EMS scan for process: svchost pid: 1924, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.538 Engine:EMS scan for process: svchost pid: 7616, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.539 Engine:EMS scan for process: svchost pid: 7768, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.547 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.549 Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.553 Engine:EMS scan for process: svchost pid: 8332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.570 Engine:EMS scan for process: svchost pid: 8168, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.572 Engine:EMS scan for process: svchost pid: 7980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.575 Engine:EMS scan for process: svchost pid: 7700, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.577 Engine:EMS scan for process: svchost pid: 12000, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.580 Engine:EMS scan for process: svchost pid: 7692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.583 Engine:EMS scan for process: svchost pid: 13524, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.586 Engine:EMS scan for process: dllhost pid: 12048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.588 Engine:EMS scan for process: dllhost pid: 13580, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.589 Engine:EMS scan for process: svchost pid: 7696, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.592 Engine:EMS scan for process: svchost pid: 12648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.594 Engine:EMS scan for process: svchost pid: 7244, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.596 Engine:EMS scan for process: svchost pid: 12008, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.601 Engine:EMS scan for process: svchost pid: 14264, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.604 Engine:EMS scan for process: svchost pid: 15100, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.610 Engine:EMS scan for process: explorer pid: 13680, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.769 Engine:EMS scan for process: svchost pid: 12692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.773 Engine:EMS scan for process: explorer pid: 6376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.787 Engine:EMS scan for process: svchost pid: 15412, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.791 Engine:EMS scan for process: svchost pid: 16544, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-07T23:10:58.792 Engine:EMS scan for process: svchost pid: 9060, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-07T23:15:21.234 QuickScan:ScanID:745C2317-6A61-4257-8F50-8C67A354BC65: Quick scan finished with error 0 2026-02-07T23:15:21.799 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-07T23:15:21.799 [RTP] Duplicating the current plugin configuration object... 2026-02-07T23:15:21.799 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-07T23:15:21.799 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-07T23:15:21.819 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-07T23:15:21.819 [RTP] No config change detected. Not updating plugin configuration. 2026-02-07T23:15:21.819 [RTP] No config changes found. No configuration switch. 2026-02-07T23:15:21.819 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-07T23:21:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T23:36:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-07T23:51:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T00:06:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T00:21:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T00:36:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T00:51:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T01:06:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T01:21:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T01:36:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T01:51:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T02:06:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T02:22:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T02:37:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T02:52:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T03:07:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T03:22:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T03:37:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T03:52:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T04:07:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T04:22:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T04:37:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T04:52:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T05:07:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T05:23:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T05:38:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T05:53:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T06:08:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T06:23:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T06:38:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T06:53:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T07:08:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T07:23:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T07:38:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T07:53:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T08:08:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T08:24:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T08:39:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T08:54:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T09:09:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T09:24:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T09:39:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T09:54:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T10:09:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T10:24:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T10:39:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T10:54:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T11:09:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T11:25:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T11:40:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T11:55:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T12:10:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T12:25:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T12:40:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T12:55:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T13:10:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T13:25:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T13:40:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T13:55:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T14:10:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T14:26:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T14:41:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T14:56:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T15:11:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T15:26:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T15:41:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T15:56:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T16:11:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T16:26:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T16:41:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T16:56:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T17:11:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T17:27:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T17:42:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T17:57:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T18:12:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T18:27:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T18:42:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T18:56:01.604 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-08T18:56:01.604 [AutoPurge] Verification Routine tasks have started. 2026-02-08T18:56:01.604 [AutoPurge] Cleanup Routine tasks have started. 2026-02-08T18:56:01.604 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-08T18:56:01.604 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-08T18:56:01.604 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-08T18:56:01.604 [AutoPurge] MpSignalMaintenanceMode ...ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-08T18:56:02.266 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-08T18:56:02.266 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-08T18:56:02.266 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-08-2026 18:56:02 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-08-2026 18:56:02 2026-02-08T18:56:02.429 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-08T18:56:02.429 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-08T18:56:02.429 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-08T18:56:02.429 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-08T18:56:02.429 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-08T18:56:02.430 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-08T18:56:02.617 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-08T18:56:02.619 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-08T18:56:02.628 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-08T18:56:02.629 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-08T18:56:02.642 [AutoPurge] Removing expired default signature package ... 2026-02-08T18:56:03.017 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-08T18:56:03.218 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-08T18:56:05.135 Job Notification: New process added to job (12856) 2026-02-08T18:56:06.378 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-08T18:56:09.861 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-08T18:56:10.227 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-08T18:56:10.727 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-08T18:56:10.879 Job Notification: Process exited from job (12856) 2026-02-08T18:56:11.195 [AutoPurge] Verification Routine tasks have ended. 2026-02-08T18:56:12.900 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-08T18:56:13.472 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-08T18:56:16.651 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\winsxs\amd64_microsoft-windows-mtf_31bf3856ad364e35_10.0.17763.7919_none_f5cf7ad52d5df808\mtf.dll", hr=0x0 2026-02-08T18:56:18.474 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-08T18:56:24.560 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-08T18:56:24.791 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-08T18:56:24.877 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-08T18:56:27.999 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-08T18:56:28.679 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-08T18:56:28.767 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-08T18:56:29.171 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-08T18:56:29.747 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-08T18:56:30.437 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-08T18:56:35.554 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-08T18:56:38.301 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-08T18:56:38.392 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-08T18:56:38.434 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-08T18:56:39.310 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\winsxs\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.17763.1697_none_e1e870c05edca249\wlrmdr.exe", hr=0x0 2026-02-08T18:56:40.926 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-08T18:56:41.828 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-08T18:56:42.265 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-08T18:56:42.384 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-08T18:56:42.406 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-08T18:56:42.590 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-08T18:56:43.519 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-08T18:56:44.713 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-08T18:56:44.802 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\chrmstp.exe", hr=0x0 2026-02-08T18:56:45.721 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-08T18:56:46.407 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-08T18:56:46.690 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-08T18:56:46.752 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-08T18:56:46.996 Engine:Setting original file name "msfltr32.acm" for "c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7\msacm32.dll", hr=0x0 2026-02-08T18:56:48.181 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-08T18:56:49.164 Engine:Setting original file name "gdi32" for "c:\windows\syswow64\gdi32full.dll", hr=0x0 2026-02-08T18:56:50.929 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-08T18:56:53.886 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-08T18:56:54.894 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 2026-02-08T18:56:55.478 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-08T18:56:55.667 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-08T18:56:56.228 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-08T18:56:56.321 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-08T18:56:56.512 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-08T18:56:57.084 Engine:Setting original file name "osloader.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winload.exe", hr=0x0 2026-02-08T18:56:58.592 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-08T18:56:59.003 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-08T18:56:59.042 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-08T18:57:00.690 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-08T18:57:02.027 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-08T18:57:02.964 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-08T18:57:03.149 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-08T18:57:03.842 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-08T18:57:04.777 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-08T18:57:05.296 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-08T18:57:06.089 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-08T18:57:07.555 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-08T18:57:07.957 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-08T18:57:08.103 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-08T18:57:09.140 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-08T18:57:12.304 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-08T18:57:12.327 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-08T18:57:13.241 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-08T18:57:14.041 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-08T18:57:14.327 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-08T18:57:14.799 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-08T18:57:14.944 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-08T18:57:15.033 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-08T18:57:15.418 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-08T18:57:15.694 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-08T18:57:16.980 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-08T18:57:18.428 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-08T18:57:19.451 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-08T18:57:19.611 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-08T18:57:19.793 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-08T18:57:19.837 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-08T18:57:20.117 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-08T18:57:20.565 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-08T18:57:22.093 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 2026-02-08T18:57:23.464 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-08T18:57:23.713 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-08T18:57:24.317 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-08T18:57:25.830 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-08T18:57:26.646 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-08T18:57:27.012 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-08T18:57:27.034 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-08T18:57:27.533 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-08T18:57:28.221 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-08T18:57:28.766 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-08T18:57:28.960 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-08T18:57:29.563 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-08T18:57:29.696 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-08T18:57:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T18:57:31.205 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-08T18:57:32.053 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-08T18:57:32.903 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-08T18:57:32.936 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-08T18:57:34.157 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-08T18:57:35.930 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-08T18:57:37.294 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-08T18:57:38.550 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-08T18:57:39.706 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-08T18:57:39.728 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-08T18:57:40.810 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-08T18:57:41.038 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-08T18:57:41.053 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-08T18:57:41.219 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-08T18:57:42.255 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-08T18:57:43.322 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-08T18:57:46.035 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-08T18:57:46.396 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-08T18:57:48.215 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-08T18:57:48.235 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-08T18:57:48.392 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-08T18:57:49.818 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-08T18:57:50.780 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-08T18:57:53.377 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-08T18:57:53.451 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-08T18:57:53.645 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-08T18:57:53.871 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-08T18:57:54.263 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-08T18:57:54.799 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-08T18:57:57.523 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-08T18:57:57.878 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-08T18:57:58.804 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-08T18:57:59.247 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-08T18:58:00.104 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-08T18:58:00.534 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-08T18:58:02.433 Engine:Setting original file name "security.dll" for "c:\windows\syswow64\sspicli.dll", hr=0x0 2026-02-08T18:58:03.484 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-08T18:58:04.641 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-08T18:58:05.195 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-08T18:58:07.374 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-08T18:58:08.213 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-08T18:58:09.063 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-08T18:58:09.253 Engine:Setting original file name "user32" for "c:\windows\system32\user32.dll", hr=0x0 2026-02-08T18:58:09.272 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-08T18:58:11.086 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-08T18:58:12.106 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-08T18:58:13.028 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-08T18:58:13.449 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-08T18:58:13.790 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-08T18:58:13.895 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-08T18:58:14.254 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\x86_netfx4-mscoree_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_d337c9373f0e13b8\mscoree.tlb", hr=0x0 2026-02-08T18:58:19.349 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-08T18:58:19.587 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-08T18:58:20.414 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-08T18:58:22.065 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-08T18:58:22.248 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-08T18:58:22.693 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-08T18:58:23.870 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-08T18:58:24.224 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-08T18:58:24.597 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-08T18:58:25.565 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-08T18:58:27.079 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-08T18:58:27.471 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-08T18:58:27.545 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-08T18:58:27.587 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-08T18:58:27.630 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-08T18:58:28.543 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-08T18:58:28.596 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-08T18:58:29.060 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-08T18:58:31.020 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-08T18:58:31.204 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-08T18:58:31.582 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-08T18:58:32.135 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-08T18:58:32.724 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-08T18:58:34.869 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-08T18:58:35.813 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-08T18:58:36.161 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-08T18:58:36.818 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-08T18:58:37.020 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-08T18:58:38.485 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-08T18:58:38.673 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-08T18:58:41.142 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-08T18:58:41.413 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-08T18:58:41.608 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-08T18:58:41.924 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-08T18:58:42.395 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-08T18:58:42.693 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-08T18:58:43.365 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-08T18:58:46.700 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-08T18:58:47.577 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-08T18:58:47.593 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 2026-02-08T18:58:48.235 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-08T18:58:48.407 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-08T18:58:49.174 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-08T18:58:51.698 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\syswow64\appventsubsystems32.dll", hr=0x0 2026-02-08T18:58:51.883 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-08T18:58:53.108 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-08T18:58:53.514 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-08T18:58:53.632 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-08T18:58:53.748 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-08T18:58:53.839 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-08T18:58:53.860 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-08T18:58:55.531 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-08T18:58:55.687 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-08T18:58:55.708 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-08T18:58:55.797 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\system32\appventsubsystems64.dll", hr=0x0 2026-02-08T18:58:56.002 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-08T18:58:56.835 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-08T18:58:56.909 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-08T18:58:57.466 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-08T18:58:58.694 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-08T18:58:58.804 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-08T18:58:59.541 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-08T18:59:01.147 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-08T18:59:02.405 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-08T18:59:02.547 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-08T18:59:03.149 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-08T18:59:03.189 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-08T18:59:04.205 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-08T18:59:04.999 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-08T18:59:05.127 Engine:Setting original file name "WMIC.exe" for "c:\windows\syswow64\wbem\wmic.exe", hr=0x0 2026-02-08T18:59:05.328 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-08T18:59:06.512 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-08T18:59:06.903 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-08T18:59:07.045 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-08T18:59:07.713 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-08T18:59:08.554 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-08T18:59:09.945 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-08T18:59:10.426 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-08T18:59:10.687 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-08T18:59:11.354 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\winsxs\wow64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.17763.2145_none_9b5bd494641118e6\devobj.dll", hr=0x0 2026-02-08T18:59:11.395 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-08T18:59:14.318 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-08T18:59:14.853 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-08T18:59:15.981 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-08T18:59:16.506 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-08T18:59:17.135 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-08T18:59:17.772 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\setup.exe", hr=0x0 2026-02-08T18:59:18.034 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-08T18:59:20.644 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-08T18:59:20.813 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-08T18:59:21.007 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-08T18:59:21.557 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-08T18:59:21.843 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-08T18:59:23.918 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-08T18:59:24.219 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-08T18:59:25.081 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-08T18:59:25.782 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-08T18:59:25.950 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-08T18:59:26.956 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-08T18:59:27.164 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-08T18:59:27.652 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-08T18:59:27.944 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-08T18:59:30.676 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-08T18:59:32.565 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-08T18:59:32.970 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\system32\en-us\tstheme.exe.mui", hr=0x0 2026-02-08T18:59:34.527 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-08T18:59:34.545 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-08T18:59:34.681 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-08T18:59:35.431 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-08T18:59:35.592 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-08T18:59:35.652 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-08T18:59:38.497 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-08T18:59:38.504 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-08T18:59:38.748 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-08T18:59:40.707 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-08T18:59:41.026 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-08T18:59:42.184 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-08T18:59:42.913 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-08T18:59:43.180 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-08T18:59:43.786 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-08T18:59:44.107 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-08T18:59:44.209 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-08T18:59:44.745 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-08T18:59:46.586 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-08T18:59:48.054 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-08T18:59:48.640 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-08T18:59:48.883 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-08T18:59:49.310 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-08T18:59:49.407 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-08T18:59:50.520 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-08T18:59:51.905 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-08T18:59:57.428 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-08T18:59:57.777 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-08T18:59:58.539 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-08T18:59:58.902 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-08T18:59:59.212 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-08T19:00:01.033 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-08T19:00:01.084 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-08T19:00:01.122 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-08T19:00:03.563 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-08T19:00:04.394 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 2026-02-08T19:00:04.634 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-08T19:00:04.721 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-08T19:00:06.084 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-08T19:00:06.446 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-08T19:00:06.552 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-08T19:00:06.971 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-08T19:00:07.296 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-08T19:00:07.816 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-08T19:00:08.354 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\system32\sgrmenclave_secure.dll", hr=0x0 2026-02-08T19:00:10.606 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-08T19:00:12.558 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-08T19:00:12.930 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-08T19:00:13.316 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-08T19:00:13.497 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-08T19:00:14.256 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-08T19:00:14.853 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-08T19:00:16.888 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-08T19:00:18.607 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-08T19:00:19.103 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-08T19:00:19.422 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-08T19:00:19.532 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-08T19:00:20.274 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-08T19:00:21.132 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-08T19:00:21.882 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-08T19:00:22.436 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-08T19:00:22.447 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-08T19:00:22.749 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-08T19:00:23.149 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-08T19:00:23.170 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-08T19:00:23.207 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-08T19:00:25.891 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l2-1-0.dll", hr=0x0 2026-02-08T19:00:25.966 Engine:Setting original file name "ADs" for "c:\windows\system32\en-us\activeds.dll.mui", hr=0x0 2026-02-08T19:00:25.987 OriginalFileName Maintenance::8753 files in Moac, 0 skipped (cached), 320 filename set 2026-02-08T19:00:25.987 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-08T19:12:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T19:13:55.916 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-08T19:13:55.935 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-08T19:13:55.935 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-08T19:13:55.935 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-08T19:13:55.935 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-08T19:13:55.950 [NRI] Stopping NIS service ... 2026-02-08T19:13:55.951 [NRI] Stopping NIS service ... 2026-02-08T19:13:55.951 [NRI] Stopping NIS service ... 2026-02-08T19:13:55.952 [NRI] Stopping NIS service ... 2026-02-08T19:13:55.953 [NRI] Stopping NIS service ... 2026-02-08T19:13:55.984 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-08T19:13:55.984 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-08T19:13:55.984 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-08T19:13:55.991 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-08T19:13:55.991 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-08T19:13:55.991 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-08T19:13:56.026 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-08T19:13:56.026 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-08T19:13:56.026 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-08T19:13:58.438 [RTP] Duplicating the current plugin configuration object... 2026-02-08T19:13:58.438 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-08T19:13:58.438 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-08T19:13:58.438 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-08T19:13:58.438 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-08T19:13:58.481 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-08T19:23:55.387 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-08T19:23:55.388 Job Notification: New process added to job (15632) 2026-02-08T19:23:55.390 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-08T19:23:55.392 Aggressive catchup quick scan threshold: 728654028446 / 25920000000000 2026-02-08T19:23:55.393 Job Notification: New process added to job (15248) 2026-02-08T19:23:55.397 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:15632] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:15248]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-08T19:23:55.495 Job Notification: New process added to job (16080) 2026-02-08T19:23:55.496 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-08T19:23:55.497 Job Notification: New process added to job (17140) 2026-02-08T19:23:55.500 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:16080] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:17140]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-08T19:23:55.909 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-08T19:23:55.909 [RTP] Duplicating the current plugin configuration object... 2026-02-08T19:23:55.909 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-08T19:23:55.909 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-08T19:23:55.909 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-08T19:23:55.909 [RTP] No config change detected. Not updating plugin configuration. 2026-02-08T19:23:55.909 [RTP] No config changes found. No configuration switch. 2026-02-08T19:23:55.909 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-08T19:27:26.770 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\E3B154FA-DF4C-4A86-BB99-89A40E50D2B03f14.1dc9930f273ca05 2026-02-08T19:27:27.005 Verifying engine and signature files (source: 0) ... 2026-02-08T19:27:27.005 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpengine.dll] due to PPL. 2026-02-08T19:27:27.005 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpasbase.vdm] (file in cache) 2026-02-08T19:27:27.005 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-08T19:27:27.045 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpasdlta.vdm] 2026-02-08T19:27:27.045 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpavbase.vdm] (file in cache) 2026-02-08T19:27:27.045 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-08T19:27:27.073 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpavdlta.vdm] 2026-02-08T19:27:27.392 [Engine] IsHybridMode: 0 2026-02-08T19:27:27.405 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-08T19:27:27.597 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-ACA25A35A0CC0368D4FB273BFF20CE90E82196EA.bin): 0x00000002 2026-02-08T19:27:27.623 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-ACA25A35A0CC0368D4FB273BFF20CE90E82196EA.bin) 2026-02-08T19:27:27.624 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-08T19:27:27.624 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-08T19:27:27.624 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-08T19:27:27.624 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff 2026-02-08T19:27:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-08T19:27:46.785 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-08T19:27:46.794 [AutoExclusion] Applied roles from cache. 2026-02-08T19:27:46.794 [AutoExclusion] Started roles monitoring. 2026-02-08T19:27:46.852 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FF926286240, lRefCount: 5, hr=0 2026-02-08T19:27:46.854 [Engine] New active engine 00007FF91E006240 replacing engine 00007FF926286240. Number of active engines: 2 2026-02-08T19:27:46.868 EngineInit:Global ASOC is enabled 2026-02-08T19:27:46.868 EngineInit:ASOO is enabled for developer volumes 2026-02-08T19:27:47.048 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-08T19:27:47.048 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.048 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-08T19:27:47.049 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-08T19:27:47.049 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-08T19:27:47.050 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.050 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.050 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.051 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-08T19:27:47.051 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.051 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-08T19:27:47.052 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.052 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.052 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.053 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.053 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.053 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.054 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.054 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-08T19:27:47.066 MpWriteUupSignatureVersion 1.443.1072.0, hr = 0 2026-02-08T19:27:47.067 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-08T19:27:47.174 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-08T19:27:47.193 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-08T19:27:47.193 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-08T19:27:47.193 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-08T19:27:47.202 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-08T19:27:47.202 [Plugin] Initializing RTP plugin state... 2026-02-08T19:27:47.202 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-08T19:27:47.202 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎07‎-‎2026 22:24:39 Last Perf:‎02‎-‎07‎-‎2026 22:24:38 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,5,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,1,0 Config:0,1,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:277306 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:7682 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:-1247818478 TotalHits:0 InstanceCacheInserts:250372 InstanceCacheUpdates:0 InstanceCacheDeletes:91116 InstanceCacheHits:3617 InstanceCacheMisses:1671885 InstanceCacheOverflows:155638 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-08T19:27:47.202 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290} 2026-02-08T19:27:47.202 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8}\mpasbase.vdm in use, hr=0x80070020 2026-02-08T19:27:47.202 [SCC][CID=433831437_11120] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-08T19:27:47.203 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.203 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.203 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.203 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-08T19:27:47.203 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.203 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-08-2026 19:27:47 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-08-2026 19:27:47 2026-02-08T19:27:47.205 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-08T19:27:47.205 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-08T19:27:47.205 [NRI] Stopping NIS service ... 2026-02-08T19:27:47.206 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.206 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.206 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.206 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-08T19:27:47.206 MdCoreSvc is supported in this platform and OS Signature updated on 02-08-2026 19:27:47 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1072.0 AV Signature Version: 1.443.1072.0 ************************************************************ 2026-02-08T19:27:47.208 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-08T19:27:47.208 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\E3B154FA-DF4C-4A86-BB99-89A40E50D2B03f14.1dc9930f273ca05 2026-02-08T19:27:47.210 Process scan (postsignatureupdatescan) started. 2026-02-08T19:27:47.236 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-08T19:27:47.237 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-08T19:27:47.334 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-08T19:27:47.334 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-08T19:27:47.334 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-08T19:27:47.334 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-08T19:27:47.334 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-08T19:27:47.471 [Engine] Engine 00007FF926286240 no longer in use. Number of active engines: 1 2026-02-08T19:27:47.471 [RTP] [RTP] FilterCommunicator object 0x00000200AE3185E0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-08T19:27:47.571 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-08T19:27:47.575 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-08T19:27:47.575 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-08T19:27:47.575 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-08T19:27:47.575 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-08T19:27:47.575 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-08T19:27:47.575 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-08T19:27:47.577 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-08T19:27:47.577 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-08T19:27:47.577 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-08T19:27:47.577 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-08T19:27:47.577 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-08T19:27:47.577 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-08T19:27:47.577 [NRI] Stopping NIS service ... 2026-02-08T19:27:47.577 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-08T19:27:47.577 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-08T19:27:47.577 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-08T19:27:47.577 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-08T19:27:47.577 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-08T19:27:47.577 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-08T19:27:47.577 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-08T19:27:47.577 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-08T19:27:47.577 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-08T19:27:47.577 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-08T19:27:47.577 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-08T19:27:47.578 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-08T19:27:47.578 [NRI] Stopping NIS service ... 2026-02-08T19:27:47.578 [NRI] Stopping NIS service ... 2026-02-08T19:27:47.579 [NRI] Stopping NIS service ... 2026-02-08T19:27:47.580 [NRI] Stopping NIS service ... Signature updated via MicrosoftUpdateServer on 02-08-2026 19:27:48 ************************************************************ 2026-02-08T19:27:48.469 Job Notification: Process exited from job (15632) 2026-02-08T19:27:48.470 Job Notification: Process exited from job (15248) 2026-02-08T19:27:48.954 Job Notification: Process exited from job (16080) 2026-02-08T19:27:48.955 Job Notification: Process exited from job (17140) 2026-02-08T19:27:50.081 [RTP] Duplicating the current plugin configuration object... 2026-02-08T19:27:50.081 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-08T19:27:50.081 [RTP] Updating plugin configuration due to recent config changes (0x42e) ... 2026-02-08T19:27:50.081 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-08T19:27:50.081 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-08T19:27:50.081 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x42e, Changed: 0x218 2026-02-08T19:27:58.916 [Engine] RSIG_UNLOADENGINE, 00007FF926286240, err=0x0 2026-02-08T19:27:58.988 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94ADE063-745B-436A-92A0-597CED6C0FC8} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-08T19:28:28.382 Process scan (postsignatureupdatescan) completed. 2026-02-08T19:32:46.982 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-08T19:42:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T19:57:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T20:12:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T20:28:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T20:43:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T20:58:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T21:13:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T21:28:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T21:43:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T21:58:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T22:13:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T22:28:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T22:43:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T22:58:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T23:09:30.047 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:6B97272E-F520-4A95-A79C-42AF8C928B34, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-08T23:09:30.048 Scheduled scan with Id 6B97272E-F520-4A95-A79C-42AF8C928B34 configured CPU priority: normal (LowCpuPriority: 0) 2026-02-08T23:09:30.066 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-08T23:09:30.066 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 2026-02-08T23:10:57.035 Engine:Triggered AR EMS scan 2026-02-08T23:10:57.046 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.118 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.121 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.133 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.134 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.136 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.143 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.147 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.150 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.151 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.152 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.153 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.154 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.154 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.156 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.157 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.159 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.161 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.165 Engine:EMS scan for process: svchost pid: 1780, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.169 Engine:EMS scan for process: svchost pid: 1788, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.171 Engine:EMS scan for process: svchost pid: 1796, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.171 Engine:EMS scan for process: svchost pid: 1912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.173 Engine:EMS scan for process: svchost pid: 1960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.175 Engine:EMS scan for process: svchost pid: 2020, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.177 Engine:EMS scan for process: svchost pid: 1564, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.178 Engine:EMS scan for process: svchost pid: 2068, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.179 Engine:EMS scan for process: svchost pid: 2144, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.183 Engine:EMS scan for process: svchost pid: 2152, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.184 Engine:EMS scan for process: svchost pid: 2340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.186 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.190 Engine:EMS scan for process: svchost pid: 2444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.192 Engine:EMS scan for process: svchost pid: 2792, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.193 Engine:EMS scan for process: svchost pid: 2860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.194 Engine:EMS scan for process: svchost pid: 2948, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.199 Engine:EMS scan for process: svchost pid: 2632, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.202 Engine:EMS scan for process: svchost pid: 3268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.206 Engine:EMS scan for process: svchost pid: 3308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.226 Engine:EMS scan for process: svchost pid: 3316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.231 Engine:EMS scan for process: services pid: 3324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.256 Engine:EMS scan for process: svchost pid: 3356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.257 Engine:EMS scan for process: svchost pid: 3364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.261 Engine:EMS scan for process: svchost pid: 3376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.264 Engine:EMS scan for process: svchost pid: 3384, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.267 Engine:EMS scan for process: svchost pid: 3392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.269 Engine:EMS scan for process: svchost pid: 3400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.271 Engine:EMS scan for process: svchost pid: 3408, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.272 Engine:EMS scan for process: svchost pid: 3416, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.273 Engine:EMS scan for process: svchost pid: 3584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.274 Engine:EMS scan for process: svchost pid: 4148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.278 Engine:EMS scan for process: svchost pid: 4320, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.283 Engine:EMS scan for process: svchost pid: 4396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.286 Engine:EMS scan for process: svchost pid: 4568, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.288 Engine:EMS scan for process: svchost pid: 5448, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.291 Engine:EMS scan for process: dllhost pid: 2480, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.294 Engine:EMS scan for process: svchost pid: 7148, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.296 Engine:EMS scan for process: svchost pid: 1356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.297 Engine:EMS scan for process: svchost pid: 1084, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.300 Engine:EMS scan for process: svchost pid: 6444, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.302 Engine:EMS scan for process: svchost pid: 1924, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.306 Engine:EMS scan for process: svchost pid: 7616, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.308 Engine:EMS scan for process: svchost pid: 7768, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.315 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.318 Engine:EMS scan for process: svchost pid: 3504, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.321 Engine:EMS scan for process: svchost pid: 8332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.325 Engine:EMS scan for process: svchost pid: 8168, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.328 Engine:EMS scan for process: svchost pid: 7980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.330 Engine:EMS scan for process: svchost pid: 7700, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.332 Engine:EMS scan for process: svchost pid: 12000, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.335 Engine:EMS scan for process: svchost pid: 7692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.338 Engine:EMS scan for process: svchost pid: 13524, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.345 Engine:EMS scan for process: dllhost pid: 12048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.346 Engine:EMS scan for process: dllhost pid: 13580, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.347 Engine:EMS scan for process: svchost pid: 7696, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.348 Engine:EMS scan for process: svchost pid: 12648, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.350 Engine:EMS scan for process: svchost pid: 7244, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.353 Engine:EMS scan for process: svchost pid: 12008, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.358 Engine:EMS scan for process: svchost pid: 16544, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.360 Engine:EMS scan for process: svchost pid: 9004, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-08T23:10:57.362 Engine:EMS scan for process: svchost pid: 6472, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-08T23:13:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T23:14:57.791 QuickScan:ScanID:6B97272E-F520-4A95-A79C-42AF8C928B34: Quick scan finished with error 0 2026-02-08T23:14:58.381 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-08T23:14:58.381 [RTP] Duplicating the current plugin configuration object... 2026-02-08T23:14:58.381 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-08T23:14:58.381 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-08T23:14:58.407 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-08T23:14:58.407 [RTP] No config change detected. Not updating plugin configuration. 2026-02-08T23:14:58.407 [RTP] No config changes found. No configuration switch. 2026-02-08T23:14:58.407 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-08T23:29:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T23:44:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-08T23:59:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T00:14:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T00:29:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T00:44:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T00:59:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T01:14:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T01:29:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T01:44:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T01:59:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T02:14:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T02:30:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T02:45:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T03:00:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T03:15:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T03:30:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T03:45:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T04:00:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T04:15:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T04:30:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T04:45:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T05:00:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T05:15:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T05:31:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T05:46:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T06:01:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T06:16:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T06:31:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T06:46:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T07:01:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T07:16:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T07:31:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T07:46:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T08:01:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T08:16:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T08:32:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T08:47:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T09:02:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T09:17:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T09:32:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T09:47:25.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T10:02:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T10:17:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T10:32:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T10:47:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T11:02:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T11:17:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T11:33:00.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T11:48:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T12:03:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T12:18:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T12:33:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T12:48:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T13:03:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T13:18:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T13:33:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T13:48:45.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T14:03:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T14:18:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T14:34:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T14:49:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T15:04:10.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T15:19:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T15:34:20.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T15:49:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T16:04:30.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T16:19:35.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T16:34:40.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T16:49:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T17:04:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T17:19:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T17:35:00.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T17:50:05.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T18:05:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T18:20:15.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T18:35:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T18:50:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T19:05:30.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T19:20:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T19:23:55.387 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-09T19:23:56.443 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-09T19:23:56.443 Aggressive catchup quick scan threshold: 728663774928 / 25920000000000 2026-02-09T19:23:56.462 Job Notification: New process added to job (8720) 2026-02-09T19:23:56.484 Job Notification: New process added to job (12808) 2026-02-09T19:23:56.488 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:8720] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:12808]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-09T19:23:56.965 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-09T19:23:56.965 [RTP] Duplicating the current plugin configuration object... 2026-02-09T19:23:56.965 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-09T19:23:56.965 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-09T19:23:57.208 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-09T19:23:57.208 [RTP] No config change detected. Not updating plugin configuration. 2026-02-09T19:23:57.208 [RTP] No config changes found. No configuration switch. 2026-02-09T19:23:57.208 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-09T19:23:58.748 Job Notification: New process added to job (1192) 2026-02-09T19:23:58.748 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-09T19:23:58.750 Job Notification: New process added to job (9368) 2026-02-09T19:23:58.754 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:1192] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:9368]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-09T19:25:38.010 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\5BBD07E9-F638-4B0F-BC83-3D26A69645672488.1dc99f9d32d0b95 2026-02-09T19:25:39.789 Verifying engine and signature files (source: 0) ... 2026-02-09T19:25:39.789 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpengine.dll] due to PPL. 2026-02-09T19:25:39.789 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpasbase.vdm] (file in cache) 2026-02-09T19:25:39.789 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-09T19:25:40.595 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpasdlta.vdm] 2026-02-09T19:25:40.595 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpavbase.vdm] (file in cache) 2026-02-09T19:25:40.595 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-09T19:25:40.622 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpavdlta.vdm] 2026-02-09T19:25:54.487 [Engine] IsHybridMode: 0 2026-02-09T19:25:58.839 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-09T19:31:58.956 Job Notification: Process exited from job (1192) 2026-02-09T19:31:58.958 Job Notification: Process exited from job (9368) 2026-02-09T19:32:08.682 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-285A18115622E776E2028F58DCB0E298E79EC217.bin): 0x00000002 2026-02-09T19:32:09.257 Job Notification: Process exited from job (8720) 2026-02-09T19:32:09.257 Job Notification: Process exited from job (12808) 2026-02-09T19:32:22.604 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-285A18115622E776E2028F58DCB0E298E79EC217.bin) 2026-02-09T19:32:22.604 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-09T19:32:22.604 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-09T19:32:22.604 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-09T19:32:22.604 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff 2026-02-09T19:35:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T19:50:45.632 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-09T19:54:02.014 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-09T19:54:04.832 [AutoExclusion] Applied roles from cache. 2026-02-09T19:54:04.832 [AutoExclusion] Started roles monitoring. 2026-02-09T19:54:12.762 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FF91E006240, lRefCount: 5, hr=0 2026-02-09T19:54:12.770 [Engine] New active engine 00007FF924F86240 replacing engine 00007FF91E006240. Number of active engines: 2 2026-02-09T19:54:13.695 EngineInit:Global ASOC is enabled 2026-02-09T19:54:13.695 EngineInit:ASOO is enabled for developer volumes 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.136 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.177 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-09T19:54:15.177 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.177 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-09T19:54:15.177 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.177 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.177 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.178 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.245 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.245 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.245 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.245 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-09T19:54:15.396 MpWriteUupSignatureVersion 1.443.1091.0, hr = 0 2026-02-09T19:54:15.422 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-09T19:54:15.590 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-09T19:54:15.591 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-09T19:54:15.591 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-09T19:54:15.591 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-09T19:54:15.674 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-09T19:54:15.674 [Plugin] Initializing RTP plugin state... 2026-02-09T19:54:15.674 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-09T19:54:15.674 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎08‎-‎2026 22:27:47 Last Perf:‎02‎-‎08‎-‎2026 22:27:47 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,3,0 Proc:0,3,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,3,0 SetEngine:1,1,0 SetState:0,1,0 SetUser:0,1,0 Config:0,1,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:284086 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:5928 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:-1187174193 TotalHits:0 InstanceCacheInserts:255203 InstanceCacheUpdates:0 InstanceCacheDeletes:91118 InstanceCacheHits:4131 InstanceCacheMisses:1882833 InstanceCacheOverflows:155638 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-09T19:54:15.674 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6} 2026-02-09T19:54:15.674 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290}\mpasbase.vdm in use, hr=0x80070020 2026-02-09T19:54:15.674 [SCC][CID=433831437_11120] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-09T19:54:15.708 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-09T19:54:15.727 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:15.727 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:15.728 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:15.728 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:15.728 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-09-2026 19:54:15 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-09-2026 19:54:15 2026-02-09T19:54:15.807 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-09T19:54:15.808 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-09T19:54:15.919 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-09T19:54:16.056 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-09T19:54:16.056 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-09T19:54:16.056 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-09T19:54:16.057 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-09T19:54:16.057 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-09T19:54:16.057 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-09T19:54:16.058 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-09T19:54:16.058 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-09T19:54:16.058 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-09T19:54:16.058 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-09T19:54:16.058 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-09T19:54:16.058 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-09T19:54:16.058 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-09T19:54:16.058 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-09T19:54:16.058 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-09T19:54:16.058 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-09T19:54:16.058 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-09T19:54:16.058 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-09T19:54:16.058 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-09T19:54:16.058 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-09T19:54:16.059 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-09T19:54:16.059 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-09T19:54:16.059 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-09T19:54:16.059 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-09T19:54:16.059 [NRI] Stopping NIS service ... 2026-02-09T19:54:16.059 [NRI] Stopping NIS service ... 2026-02-09T19:54:16.060 [NRI] Stopping NIS service ... 2026-02-09T19:54:16.060 [NRI] Stopping NIS service ... 2026-02-09T19:54:16.061 [NRI] Stopping NIS service ... 2026-02-09T19:54:16.088 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-09T19:54:16.088 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-09T19:54:16.088 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-09T19:54:16.088 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-09T19:54:16.088 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-09T19:54:16.095 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-09T19:54:16.095 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-09T19:54:16.095 [NRI] Stopping NIS service ... 2026-02-09T19:54:16.096 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:16.096 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:16.096 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:16.096 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-09T19:54:16.096 MdCoreSvc is supported in this platform and OS Signature updated on 02-09-2026 19:54:16 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1091.0 AV Signature Version: 1.443.1091.0 ************************************************************ 2026-02-09T19:54:16.404 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-09T19:54:16.404 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\5BBD07E9-F638-4B0F-BC83-3D26A69645672488.1dc99f9d32d0b95 2026-02-09T19:54:16.405 Process scan (postsignatureupdatescan) started. 2026-02-09T19:54:17.883 [Engine] Engine 00007FF91E006240 no longer in use. Number of active engines: 1 2026-02-09T19:54:17.884 [RTP] [RTP] FilterCommunicator object 0x00000200AE3185E0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-09T19:54:20.388 [RTP] Duplicating the current plugin configuration object... 2026-02-09T19:54:20.388 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-09T19:54:20.388 [RTP] Updating plugin configuration due to recent config changes (0x42e) ... 2026-02-09T19:54:20.388 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-09T19:54:20.388 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-09T19:54:21.165 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x42e, Changed: 0x218 2026-02-09T19:54:59.531 [Engine] RSIG_UNLOADENGINE, 00007FF91E006240, err=0x0 2026-02-09T19:55:00.171 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CF7E2D-BEDD-41C3-839A-ACD5FE3DB290} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d 2026-02-09T19:56:36.548 Process scan (postsignatureupdatescan) completed. 2026-02-09T19:59:26.292 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-09T20:05:50.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T20:20:55.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T20:36:00.496 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T20:51:05.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T21:04:45.890 [AutoPurge] Cleanup Routine tasks have started. 2026-02-09T21:04:45.890 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-09T21:04:45.890 [AutoPurge] Verification Routine tasks have started. 2026-02-09T21:04:45.936 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-09T21:04:45.936 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-09T21:04:45.936 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-09T21:04:45.936 [AutoPurge] MpSignalMaintenanceMode ...ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-09T21:04:47.952 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-09T21:04:48.433 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-09T21:04:48.729 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-09-2026 21:04:49 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-09-2026 21:04:49 2026-02-09T21:04:49.524 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-09T21:04:49.524 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-09T21:04:49.524 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-09T21:04:49.524 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-09T21:04:49.636 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-09T21:04:49.636 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-09T21:04:51.145 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-09T21:04:51.146 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-09T21:04:51.156 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-09T21:04:51.267 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-09T21:04:51.287 [AutoPurge] Removing expired default signature package ... 2026-02-09T21:04:58.854 Job Notification: New process added to job (11720) 2026-02-09T21:04:59.928 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-09T21:05:00.625 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-09T21:05:08.372 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-09T21:05:15.747 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-09T21:05:16.585 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-09T21:05:16.674 Job Notification: Process exited from job (11720) 2026-02-09T21:05:17.862 [AutoPurge] Verification Routine tasks have ended. 2026-02-09T21:05:17.945 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-09T21:05:24.744 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-09T21:05:25.854 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-09T21:05:36.263 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\winsxs\amd64_microsoft-windows-mtf_31bf3856ad364e35_10.0.17763.7919_none_f5cf7ad52d5df808\mtf.dll", hr=0x0 2026-02-09T21:05:39.799 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-09T21:05:52.584 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-09T21:05:53.461 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-09T21:05:53.584 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-09T21:05:58.111 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-09T21:06:02.508 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-09T21:06:02.666 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-09T21:06:03.971 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-09T21:06:06.168 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-09T21:06:08.044 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-09T21:06:10.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T21:06:17.312 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-09T21:06:23.045 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-09T21:06:23.190 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-09T21:06:23.270 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-09T21:06:24.727 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\winsxs\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.17763.1697_none_e1e870c05edca249\wlrmdr.exe", hr=0x0 2026-02-09T21:06:27.463 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-09T21:06:29.798 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-09T21:06:30.952 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-09T21:06:31.270 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-09T21:06:31.343 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-09T21:06:32.561 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-09T21:06:34.177 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-09T21:06:36.571 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-09T21:06:36.657 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\chrmstp.exe", hr=0x0 2026-02-09T21:06:38.867 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-09T21:06:40.532 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-09T21:06:40.921 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-09T21:06:41.098 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-09T21:06:43.640 Engine:Setting original file name "msfltr32.acm" for "c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-acm_31bf3856ad364e35_10.0.17763.1_none_d1ab73043932dad7\msacm32.dll", hr=0x0 2026-02-09T21:06:45.981 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-09T21:06:47.905 Engine:Setting original file name "gdi32" for "c:\windows\syswow64\gdi32full.dll", hr=0x0 2026-02-09T21:06:51.996 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-09T21:06:58.296 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-09T21:06:59.680 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 2026-02-09T21:07:01.092 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-09T21:07:01.444 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-09T21:07:02.191 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-09T21:07:02.331 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-09T21:07:02.596 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-09T21:07:03.534 Engine:Setting original file name "osloader.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winload.exe", hr=0x0 2026-02-09T21:07:06.117 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-09T21:07:06.855 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-09T21:07:06.894 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-09T21:07:10.378 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-09T21:07:13.324 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-09T21:07:15.805 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-09T21:07:16.355 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-09T21:07:18.117 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-09T21:07:22.325 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-09T21:07:23.668 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-09T21:07:27.972 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-09T21:07:32.754 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-09T21:07:34.439 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-09T21:07:34.792 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-09T21:07:37.796 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-09T21:07:48.096 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-09T21:07:48.331 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-09T21:07:50.903 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-09T21:07:53.451 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-09T21:07:54.454 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-09T21:07:54.943 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-09T21:07:55.374 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-09T21:07:55.666 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-09T21:07:56.836 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-09T21:07:57.840 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-09T21:08:01.397 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-09T21:08:07.366 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-09T21:08:08.729 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-09T21:08:09.113 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-09T21:08:09.356 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-09T21:08:09.476 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-09T21:08:09.905 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-09T21:08:11.588 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-09T21:08:15.134 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 2026-02-09T21:08:18.722 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-09T21:08:19.061 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-09T21:08:21.207 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-09T21:08:25.238 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-09T21:08:27.953 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-09T21:08:28.364 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-09T21:08:28.665 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-09T21:08:30.300 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-09T21:08:32.040 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-09T21:08:33.560 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-09T21:08:34.487 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-09T21:08:35.675 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-09T21:08:36.121 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-09T21:08:39.983 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-09T21:08:42.392 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-09T21:08:44.606 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-09T21:08:44.707 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-09T21:08:48.202 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-09T21:08:51.277 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-09T21:08:54.227 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-09T21:08:57.912 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-09T21:09:00.562 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-09T21:09:00.772 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-09T21:09:04.541 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-09T21:09:04.919 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-09T21:09:04.951 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-09T21:09:05.417 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-09T21:09:09.168 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-09T21:09:17.282 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-09T21:09:27.172 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-09T21:09:29.066 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-09T21:09:33.436 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-09T21:09:33.516 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-09T21:09:33.790 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-09T21:09:37.861 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-09T21:09:39.062 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-09T21:09:42.194 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-09T21:09:42.356 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-09T21:09:42.895 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-09T21:09:43.945 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-09T21:09:45.028 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-09T21:09:45.881 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-09T21:09:52.048 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-09T21:09:53.226 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-09T21:09:55.587 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-09T21:09:56.441 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-09T21:09:58.875 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-09T21:09:59.927 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-09T21:10:04.185 Engine:Setting original file name "security.dll" for "c:\windows\syswow64\sspicli.dll", hr=0x0 2026-02-09T21:10:06.609 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-09T21:10:08.670 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-09T21:10:09.205 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-09T21:10:13.027 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-09T21:10:14.449 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-09T21:10:15.907 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-09T21:10:16.015 Engine:Setting original file name "user32" for "c:\windows\system32\user32.dll", hr=0x0 2026-02-09T21:10:16.026 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-09T21:10:19.031 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-09T21:10:20.828 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-09T21:10:22.733 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-09T21:10:23.083 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-09T21:10:23.936 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-09T21:10:24.457 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-09T21:10:24.946 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\x86_netfx4-mscoree_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_d337c9373f0e13b8\mscoree.tlb", hr=0x0 2026-02-09T21:10:32.094 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-09T21:10:32.599 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-09T21:10:33.943 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-09T21:10:37.003 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-09T21:10:37.478 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-09T21:10:38.057 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-09T21:10:40.268 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-09T21:10:40.646 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-09T21:10:41.294 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-09T21:10:42.820 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-09T21:10:45.532 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-09T21:10:46.361 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-09T21:10:46.427 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-09T21:10:46.726 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-09T21:10:46.852 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-09T21:10:48.405 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-09T21:10:48.571 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-09T21:10:49.157 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-09T21:10:52.544 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-09T21:10:52.795 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-09T21:10:53.340 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-09T21:10:54.356 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-09T21:10:55.618 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-09T21:10:59.001 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-09T21:11:00.244 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-09T21:11:00.955 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-09T21:11:01.667 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-09T21:11:02.086 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-09T21:11:04.486 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-09T21:11:04.989 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-09T21:11:10.301 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-09T21:11:10.657 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-09T21:11:10.950 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-09T21:11:11.549 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-09T21:11:12.066 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-09T21:11:12.660 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-09T21:11:14.176 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-09T21:11:24.756 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-09T21:11:26.873 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-09T21:11:26.888 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 2026-02-09T21:11:28.241 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-09T21:11:28.684 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-09T21:11:29.835 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-09T21:11:35.253 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\syswow64\appventsubsystems32.dll", hr=0x0 2026-02-09T21:11:35.539 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-09T21:11:39.424 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-09T21:11:40.411 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-09T21:11:40.603 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-09T21:11:40.904 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-09T21:11:41.061 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-09T21:11:41.117 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-09T21:11:45.953 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-09T21:11:46.788 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-09T21:11:46.823 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-09T21:11:47.088 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\system32\appventsubsystems64.dll", hr=0x0 2026-02-09T21:11:47.611 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-09T21:11:50.585 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-09T21:11:51.053 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-09T21:11:52.841 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-09T21:11:57.653 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-09T21:11:57.972 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-09T21:12:00.347 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-09T21:12:04.591 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-09T21:12:08.575 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-09T21:12:09.126 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-09T21:12:11.169 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-09T21:12:11.261 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-09T21:12:14.462 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-09T21:12:17.082 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-09T21:12:17.616 Engine:Setting original file name "WMIC.exe" for "c:\windows\winsxs\wow64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.17763.1_none_9cc4699659612012\wmic.exe", hr=0x0 2026-02-09T21:12:18.584 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-09T21:12:24.101 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-09T21:12:26.718 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-09T21:12:31.511 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-09T21:12:33.674 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-09T21:12:37.044 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-09T21:12:41.287 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-09T21:12:42.691 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-09T21:12:44.046 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-09T21:12:46.372 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\winsxs\wow64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.17763.2145_none_9b5bd494641118e6\devobj.dll", hr=0x0 2026-02-09T21:12:46.482 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-09T21:12:55.674 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-09T21:12:57.406 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-09T21:13:02.583 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-09T21:13:06.343 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-09T21:13:09.777 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-09T21:13:12.223 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\setup.exe", hr=0x0 2026-02-09T21:13:13.944 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-09T21:13:22.765 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-09T21:13:23.430 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-09T21:13:24.531 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-09T21:13:26.109 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-09T21:13:27.553 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-09T21:13:37.400 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-09T21:13:37.983 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-09T21:13:41.857 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-09T21:13:43.255 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-09T21:13:43.728 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-09T21:13:46.999 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-09T21:13:48.299 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-09T21:13:54.602 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-09T21:13:55.128 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-09T21:13:56.379 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-09T21:13:56.551 [NRI] Stopping NIS service ... 2026-02-09T21:13:56.552 [NRI] Stopping NIS service ... 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-09T21:13:56.552 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-09T21:13:56.552 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-09T21:13:56.553 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-09T21:13:56.553 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-09T21:13:56.553 [NRI] Stopping NIS service ... 2026-02-09T21:13:56.553 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-09T21:13:56.553 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-09T21:13:56.553 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-09T21:13:56.553 [NRI] Stopping NIS service ... 2026-02-09T21:13:56.553 [NRI] Stopping NIS service ... 2026-02-09T21:13:56.747 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-09T21:13:56.747 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-09T21:13:56.747 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-09T21:13:56.786 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-09T21:13:56.786 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-09T21:13:56.786 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-09T21:13:59.056 [RTP] Duplicating the current plugin configuration object... 2026-02-09T21:13:59.056 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-09T21:13:59.056 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-09T21:13:59.056 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-09T21:13:59.056 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-09T21:13:59.245 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-09T21:14:06.287 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-09T21:14:12.511 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-09T21:14:13.745 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.17763.1_en-us_c2c2ce7a9a17fba3\tstheme.exe.mui", hr=0x0 2026-02-09T21:14:19.401 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-09T21:14:19.493 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-09T21:14:20.038 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-09T21:14:22.988 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-09T21:14:23.542 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-09T21:14:23.779 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-09T21:14:35.843 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-09T21:14:35.967 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-09T21:14:37.684 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-09T21:14:46.770 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-09T21:14:47.881 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-09T21:14:53.624 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-09T21:14:55.428 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-09T21:14:56.154 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-09T21:14:58.718 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-09T21:14:59.973 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-09T21:15:00.284 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-09T21:15:01.335 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-09T21:15:08.509 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-09T21:15:12.857 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-09T21:15:14.077 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-09T21:15:14.957 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-09T21:15:15.917 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-09T21:15:16.487 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-09T21:15:22.155 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-09T21:15:27.326 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-09T21:15:48.913 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-09T21:15:50.232 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-09T21:15:51.489 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-09T21:15:52.619 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-09T21:15:54.031 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-09T21:15:58.497 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-09T21:15:58.718 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-09T21:15:58.830 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-09T21:16:09.522 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-09T21:16:13.555 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 2026-02-09T21:16:14.518 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-09T21:16:15.155 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-09T21:16:20.493 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-09T21:16:22.362 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-09T21:16:22.836 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-09T21:16:24.112 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-09T21:16:24.888 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-09T21:16:25.811 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-09T21:16:26.589 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\system32\sgrmenclave_secure.dll", hr=0x0 2026-02-09T21:16:34.628 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-09T21:16:40.806 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-09T21:16:42.582 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-09T21:16:43.186 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-09T21:16:43.751 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-09T21:16:48.720 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-09T21:16:50.332 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-09T21:16:58.177 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-09T21:17:07.679 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-09T21:17:09.619 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-09T21:17:11.205 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-09T21:17:11.884 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-09T21:17:13.633 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-09T21:17:15.010 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-09T21:17:16.877 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-09T21:17:18.541 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-09T21:17:18.584 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-09T21:17:19.145 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-09T21:17:20.318 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-09T21:17:20.398 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-09T21:17:20.552 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-09T21:17:32.181 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l2-1-0.dll", hr=0x0 2026-02-09T21:17:32.330 Engine:Setting original file name "ADs" for "c:\windows\system32\en-us\activeds.dll.mui", hr=0x0 2026-02-09T21:17:32.628 OriginalFileName Maintenance::8756 files in Moac, 0 skipped (cached), 320 filename set 2026-02-09T21:17:32.728 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-09T21:21:15.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T21:36:20.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T21:51:25.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T22:06:30.408 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T22:21:35.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T22:36:40.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T22:51:45.387 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T23:06:50.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T23:10:32.317 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:FA8CB10C-CDA7-4CBE-8475-8264483D1450, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-09T23:10:32.317 Scheduled scan with Id FA8CB10C-CDA7-4CBE-8475-8264483D1450 configured CPU priority: normal (LowCpuPriority: 0) 2026-02-09T23:10:32.319 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-09T23:10:32.319 [SFC] System file cache build is not needed (already completed) Internal signature match:subtype=Lowfi, sigseq=0x0000E6E7336DF01B, sigsha=be63f9765c0dd90c9044d12b0531e6ad0a7aa965, cached=false, source=0, resourceid=0x0e132b6d Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 2026-02-09T23:21:55.386 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-09T23:23:03.391 Engine:Triggered AR EMS scan 2026-02-09T23:23:03.433 Engine:EMS scan for process: lsass pid: 748, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.708 Engine:EMS scan for process: svchost pid: 956, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.717 Engine:EMS scan for process: svchost pid: 980, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.721 Engine:EMS scan for process: svchost pid: 84, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.723 Engine:EMS scan for process: svchost pid: 396, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.724 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.732 Engine:EMS scan for process: svchost pid: 1132, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.738 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.740 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.741 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.742 Engine:EMS scan for process: svchost pid: 1332, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.746 Engine:EMS scan for process: svchost pid: 1340, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.748 Engine:EMS scan for process: svchost pid: 1452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.749 Engine:EMS scan for process: svchost pid: 1476, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.751 Engine:EMS scan for process: svchost pid: 1584, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.753 Engine:EMS scan for process: svchost pid: 1612, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-09T23:23:03.754 Engine:EMS scan for process: svchost pid: 1668, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 -------------------------------------------------------------------------------- Windows Defender Antivirus (77BDAF73-B396-481F-9042-AD358843EC24) Service Log Started On 02-10-2026 02:21:05 ************************************************************ OS install time: 04/14/2022 09:07:59.0 UTC Current time: 02/10/2026 02:21:05.235045000 UTC (95859 ms since boot) 2026-02-10T02:21:08.380 MpEnsureProcessMitigationPolicy(0x7) returns 0x1 2026-02-10T02:21:08.451 WARNING: the previous service shutdown was not expected. 2026-02-10T02:21:09.253 ProductId: 2, ProductFeature: 0, LaunchedProtected: 3, IsWcos: 0, IsContainerOs: 0, DirtyShutdownDetected: 1, PassiveRemediation: 0, IsHybridModePolicyEnabled: 0, IsVerifiedAndReputableTrustModeEnabled: 0 2026-02-10T02:21:14.480 [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: MpWppTracing-20260210-022114-00000003-fffffffeffffffff.bin ... 2026-02-10T02:21:24.912 [WPP] Trace session started - MpWppTracing-20260210-022114-00000003-fffffffeffffffff.bin 2026-02-10T02:21:24.936 MpReinforceExclusionsAcls from LoadCapability: (hr = 0) 2026-02-10T02:21:24.999 [RbM] Rollback manager succesfully initialized. 2026-02-10T02:21:24.999 [RbM] Rollback manager EnableRollbackManager called. 2026-02-10T02:21:25.015 [RbM] Rollback manager EnableRollbackManager completed. 2026-02-10T02:21:25.015 [PlatUpd] Service launched successfully from: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 2026-02-10T02:21:25.024 MpWriteUupPlatformVersion 4.18.25110.6, hr = 0 2026-02-10T02:21:25.035 [PlatUpd] Failed to read Misc config regarding new coreservice lifecycle management, using legacy core service lifecycle management anyway. hr = 0x80070002 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdTimerInitalDelay) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdTimerMonitorInterval) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdDisableResController) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdEnableDailySensorChecks) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdAlertMonitorWindow) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdAlertMinInterval) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorEnableLeakDetector) hr = 0x80004004 2026-02-10T02:21:25.035 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x80004004 2026-02-10T02:21:25.391 MdCoreSvc is supported in this platform and OS 2026-02-10T02:21:25.391 MdCoreSvc is supported in this platform and OS 2026-02-10T02:21:25.391 [PlatUpd] MDCoreSvc is supported by the version of the platform we are switching to. Making sure the service is registered with SCM 2026-02-10T02:21:25.391 [PlatUpd] Starting MdCoreSvc service 2026-02-10T02:23:47.401 [PlatUpd] MpAddMpUxRegistration succeeded 2026-02-10T02:23:47.401 [PlatUpd] MpManagementUpdateHandler: starting update for install path %ProgramData%\Microsoft\Windows Defender\Platform\4.18.25110.6-0. 2026-02-10T02:23:47.401 [PlatUpd] MpManagementUpdateHandler: calling MpUpdateManagement() 2026-02-10T02:23:47.401 [PlatUpd] MpUpdateManagement: Management platform update started for components (3) 2026-02-10T02:23:47.401 [PlatUpd] Defender MDM CSP platform update not supported on Server SKUs 2026-02-10T02:23:47.401 [PlatUpd] WMI/PS provider platform update started 2026-02-10T02:23:47.401 [PlatUpd] WMI/PS provider platform update not required 2026-02-10T02:23:47.401 [PlatUpd] MpUpdateManagement: Management platform update completed 2026-02-10T02:23:47.401 MdCoreSvc is supported in this platform and OS 2026-02-10T02:23:47.401 [PlatUpd] MDCoreSvc is supported by the version of the platform we are switching to. Making sure the service is registered with SCM 2026-02-10T02:23:47.401 [PlatUpd] Starting MdCoreSvc service 2026-02-10T02:23:47.401 [PlatUpd] MpCheckAndUpdateBinaryLocationTo(%ProgramData%\Microsoft\Windows Defender\Platform\4.18.25110.6-0): 10 items checked, 0 required update. hrMui: 0x1 hrEtw: 0 2026-02-10T02:23:47.427 [TS] Troublshooting mode is not available! 2026-02-10T02:23:47.514 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0, Scenario: Consumer, Source: Unknown, ConfigChange: Remove 2026-02-10T02:23:47.532 CheckProductDisabled(fWaitWSC: 1, fRemoveConfigs: 0) ... 2026-02-10T02:23:47.534 [Service] Enabling IOAV/IEV/ShellExt/EtwLogger registrations ... 2026-02-10T02:23:47.534 [Service] Enabling AutoLoggers ... 2026-02-10T02:23:47.535 [Service] Enabling AMSI registration ... 2026-02-10T02:23:47.535 [Service] Leaving EnableIOAVWorker(1, 0) with hr = 0 2026-02-10T02:23:49.407 Cache C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\3ADE5ADB-88D2-4AC6-A4B1-AD77CAEA8D6C-1.bin loaded.**********Cache stats************ No. Of buckets -> 39062 Each Bucket has max capacity of -> 1 entries number of Entries is 24997 Number of invalid entries is 0 Number of inserts issued is 509177 Number of replaces issued is 0 Number of insert failures is 94 Number of inserts with duplicate entries is 29547 Number of lookups is 151077820 Number of lookup misses is 7218558 Number of fast lookup misses is 103290271 Number of false fast lookups is 7218553 Number of invalidations is 298197 Number of maintenance invalidations is 72395 Current File Size is 958464 Journal ID = 1d84ffedf6511fc Trusted image state = 2 USN = 506af Setup boot count = 2 2026-02-10T02:23:49.408 Verifying license file... 2026-02-10T02:23:49.408 Verified [C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\msmplics.dll] (file in cache) 2026-02-10T02:23:50.527 SharedSignatureRoot not configured. Disabling remote image load for msmpeng.exe. Once disabled, it can no longer be enabled without a service restart. hr=0x1 2026-02-10T02:23:50.527 Loaded module#0 MpComServer. 2026-02-10T02:23:50.527 Loaded module#1 StartupPolicies. 2026-02-10T02:23:50.529 COM server initialized successfully. 2026-02-10T02:23:51.185 MpRefreshDefenderCoreConfigs: failed because engine is not ready, we cannot let the process continue because we might start core service while its configuration is not ready. 2026-02-10T02:23:51.281 [Plugin] Verifying C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\mprtp.dll ... 2026-02-10T02:23:51.281 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\mprtp.dll] due to PPL. 2026-02-10T02:23:51.784 [RTP] [RTP] FilterCommunicator object 0x00000281D4D94990 initialized (\MicrosoftMalwareProtectionAsyncPortWD, , ), threads: 0 normal, 0 very low, 0 alt, thread pool threads: 4 normal, 0 very low, 0 alt 2026-02-10T02:23:51.786 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-10T02:23:51.786 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-10T02:23:51.786 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-10T02:23:51.786 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-10T02:23:51.786 [RTP] Setting RegLinkHardeningMode to 0 (hr=0). 2026-02-10T02:23:51.786 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-10T02:23:51.786 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-10T02:23:51.786 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-10T02:23:51.786 [RTP] Setting PreventPagingFileAbuse to 1 (hr=0). 2026-02-10T02:23:51.786 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-10T02:23:51.786 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-10T02:23:51.786 [RTP] [RTP] FilterCommunicator object 0x00000281D4D94BA0 initialized (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD, \MicrosoftMalwareProtectionRemoteIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-10T02:23:51.786 [RTP] SyncDssAvailableThreads cap limit initialized by MiscConfig to: 18 2026-02-10T02:23:51.787 [RTP] [RtpCopyAccelerator] Windows19H1 0, WindowsCobalt 0, IsServerSKU 1, IsPassiveOrSideBySidePassiveMode 0, IsDevMode 0, fIsWindowsInhouseBuild 0, BuildLabEx 17763.1.amd64fre.rs5_release.180914-1434 2026-02-10T02:23:51.787 [RTP] [RTP] StartCommunication 0x00000281D4D94990 (\MicrosoftMalwareProtectionAsyncPortWD, ), threads: 0 normal, 0 very low, 0 alt, thread pool threads: 4 normal, 0 very low, 0 alt 2026-02-10T02:23:51.787 [init][RTP] RTPPlugin initialization completed 2026-02-10T02:23:51.787 OS boot count = 2 2026-02-10T02:23:51.787 OS Install = 0 2026-02-10T02:23:51.792 [init] MpAddMpUxRegistrationForToast failed (Ignored). hr = 0x8000401a 2026-02-10T02:23:51.793 [KSL] Entering CKSLEngine::Initialize. 2026-02-10T02:23:51.793 [KSL] Leaving CKSLEngine::Initialize(0). 2026-02-10T02:23:51.793 [KSL] Entering CKSLEngine::EnableKSL. State: [1] 2026-02-10T02:23:51.794 [KSL] MpInstallKslD: hr=0x1 2026-02-10T02:23:51.794 [KSL] MpRegisterKslD: hr=0 2026-02-10T02:23:51.899 [KSL] MpStartKslD: hr=0 2026-02-10T02:23:51.949 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-10T02:23:51.949 Loading engine... 2026-02-10T02:23:52.909 Verifying engine and signature files (source: 1) ... 2026-02-10T02:23:52.909 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpengine.dll] due to PPL. 2026-02-10T02:23:52.909 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpasbase.vdm] (file in cache) 2026-02-10T02:23:52.909 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpasdlta.vdm] (file in cache) 2026-02-10T02:23:52.909 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpavbase.vdm] (file in cache) 2026-02-10T02:23:52.909 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpavdlta.vdm] (file in cache) 2026-02-10T02:23:54.715 [Engine] IsHybridMode: 0 2026-02-10T02:23:54.747 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-10T02:23:56.433 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6B971BABED49B823269FDEA3E3C20E90163573EA.bin): 0x00000002 2026-02-10T02:23:57.490 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6B971BABED49B823269FDEA3E3C20E90163573EA.bin) 2026-02-10T02:23:57.490 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-10T02:23:57.490 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-10T02:23:57.490 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-10T02:23:57.490 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-10T02:24:49.971 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-10T02:24:49.984 [AutoExclusion] Applied roles from cache. 2026-02-10T02:24:49.984 [AutoExclusion] Started roles monitoring. 2026-02-10T02:24:49.984 [Engine] New active engine 00007FFB91036240 (no old engine). Number of active engines: 1 2026-02-10T02:24:50.595 EngineInit:Global ASOC is enabled 2026-02-10T02:24:50.595 EngineInit:ASOO is enabled for developer volumes 2026-02-10T02:24:52.187 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-10T02:24:52.188 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.188 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-10T02:24:52.189 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-10T02:24:52.189 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-10T02:24:52.189 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.190 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.190 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.190 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-10T02:24:52.191 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.191 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-10T02:24:52.191 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.192 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.192 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.192 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.193 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.193 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.218 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.218 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:24:52.748 MpWriteUupSignatureVersion 1.443.1091.0, hr = 0 2026-02-10T02:24:52.749 [SigStatUpd] CSignatureStatus: back to good 2026-02-10T02:24:52.749 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-10T02:24:52.759 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-10T02:24:52.760 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-10T02:24:52.760 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-10T02:24:52.760 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-10T02:24:52.781 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-10T02:24:52.781 [Plugin] Initializing RTP plugin state... 2026-02-10T02:24:52.781 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-10T02:24:52.781 [RTP] ****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:2882 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:2102 AsyncQCurrent:0 BMFlags:8 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:6421 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:118418 TotalHits:0 InstanceCacheInserts:109 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:2 InstanceCacheMisses:8682 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-10T02:24:52.781 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6} 2026-02-10T02:24:52.781 [SCC][CID=323406_6108] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-10T02:24:52.782 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:24:52.782 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:24:52.782 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:24:52.782 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-10T02:24:52.782 MdCoreSvc is supported in this platform and OS 2026-02-10T02:24:52.782 Engine loaded! 2026-02-10T02:24:52.782 [DLP] Create FeatureControlState instance 2026-02-10T02:24:52.784 Engine:Failure in process enumeration: Image:, Error:GetImageNameConfigurationEx, 0x80078020, PID: 0 2026-02-10T02:24:52.784 Engine:Failure in process enumeration: Image:, Error:GetImageNameConfigurationEx, 0x80078020, PID: 4 2026-02-10T02:24:52.980 RegisterSModeChangeListener: hr = 0x1 2026-02-10T02:24:52.980 RegisterHybridModeChangeListener: hr = 0x1 2026-02-10T02:24:52.991 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-10T02:24:53.123 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-10T02:24:53.151 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-10T02:24:53.173 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-10T02:24:53.173 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-10T02:24:53.173 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-10T02:24:53.173 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-10T02:24:53.173 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-10T02:24:53.173 [RTP] Generating the base plugin configuration ... 2026-02-10T02:24:53.173 [RTP] Path exclusion changed, new size in bytes: 850 2026-02-10T02:24:53.173 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-10T02:24:53.173 [RTP] Calling GenerateEngineConfigStruct (0x3e) ... 2026-02-10T02:24:53.174 [RTP] [RTP] RTPPlugin state has changed as follow: ASStatus:0->1, AVStatus:0->1, RTPStatus:0->2 2026-02-10T02:24:53.174 [RTP] [RTP] FilterCommunicator object 0x00000281D4D94BA0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-10T02:24:53.251 [AutoPurge] Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) 2026-02-10T02:24:53.251 [SigReleaseHb] Initialized with Stage 0 2026-02-10T02:24:53.251 [EmergencySigManager] Emergency sig checks are currently disabled. Timer interval: 15 minutes. 2026-02-10T02:24:53.251 [SCC][CID=323406_6108] Initializing ... 2026-02-10T02:24:53.251 [SCC][CID=323406_6108] SCC Initialize! The feature is OFF on this machine (E5 = 0), hr: 0x80004001 2026-02-10T02:24:53.252 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-10T02:24:53.252 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-10T02:24:53.256 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-10T02:24:53.260 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-10T02:24:53.260 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-10T02:24:53.260 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-10T02:24:53.260 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-10T02:24:53.260 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-10T02:24:53.260 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-10T02:24:53.321 [NRI] Stopping NIS service ... 2026-02-10T02:24:53.321 [RTP] [RTP] Killbits updated: 0x200000000000000 -> 0x4000000 2026-02-10T02:24:53.321 [RTP] [RTP] LastAccessTimeSuppression is enabled (default behavior). Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1091.0 AV Signature Version: 1.443.1091.0 ************************************************************ 2026-02-10T02:24:53.321 Resource usage Monitoring is enabled 2026-02-10T02:24:53.322 Job Notification: New process added to job (3784) 2026-02-10T02:24:53.322 Ci Endpoint Security Policy Installation: Unsupported, hr = 0x00000001 2026-02-10T02:24:55.677 [RTP] Duplicating the current plugin configuration object... 2026-02-10T02:24:55.677 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-10T02:24:55.677 [RTP] Updating plugin configuration due to recent config changes (0x600) ... 2026-02-10T02:24:55.677 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-10T02:24:55.952 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x600, Changed: 0x218 2026-02-10T02:29:50.331 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-10T02:29:53.251 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T02:34:53.251 Timer callback: Initializating/verifying scheduled tasks ... 2026-02-10T02:34:53.251 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-10T02:34:53.296 Job Notification: New process added to job (1480) 2026-02-10T02:34:53.297 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-10T02:34:53.328 Job Notification: New process added to job (7424) 2026-02-10T02:34:53.337 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:1480] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:7424]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-10T02:34:53.453 Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2 -ScanTrigger 52) is scheduled to run in 75203606(ms) from now at 02:28 (23:28 UTC) with period 86400000(ms). Daily task start time is randomized to reduce spikes. 2026-02-10T02:34:53.503 Job Notification: New process added to job (7436) 2026-02-10T02:34:53.503 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-10T02:34:53.504 Job Notification: New process added to job (496) 2026-02-10T02:34:53.517 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe][Pid:7436] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:496]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-10T02:35:38.650 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\EA2B3C43-85F5-4FD1-B838-23570348E9E01f4c.1dc9a35ee2c79a1 2026-02-10T02:35:39.003 Verifying engine and signature files (source: 0) ... 2026-02-10T02:35:39.003 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpengine.dll] due to PPL. 2026-02-10T02:35:39.003 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpasbase.vdm] (file in cache) 2026-02-10T02:35:39.004 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-10T02:35:39.144 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpasdlta.vdm] 2026-02-10T02:35:39.144 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpavbase.vdm] (file in cache) 2026-02-10T02:35:39.144 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-10T02:35:39.177 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpavdlta.vdm] 2026-02-10T02:35:39.471 [Engine] IsHybridMode: 0 2026-02-10T02:35:39.471 [KSL]KSL(1.1.25080.5) Is available via CAMP. KslDevice : KslD, TDTDevice : TDT 2026-02-10T02:35:39.477 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-12E3F083C736BCFBEA01675B1ABA933BFF428A17.bin): 0x00000002 2026-02-10T02:35:39.480 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-12E3F083C736BCFBEA01675B1ABA933BFF428A17.bin) 2026-02-10T02:35:39.480 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-10T02:35:39.480 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-10T02:35:39.480 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-10T02:35:39.480 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-10T02:36:02.110 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-10T02:36:02.266 [AutoExclusion] Applied roles from cache. 2026-02-10T02:36:02.266 [AutoExclusion] Started roles monitoring. 2026-02-10T02:36:02.298 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB91036240, lRefCount: 5, hr=0 2026-02-10T02:36:02.298 [Engine] New active engine 00007FFB8EBD6240 replacing engine 00007FFB91036240. Number of active engines: 2 2026-02-10T02:36:02.301 EngineInit:Global ASOC is enabled 2026-02-10T02:36:02.301 EngineInit:ASOO is enabled for developer volumes 2026-02-10T02:36:02.338 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.339 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:36:02.340 MpWriteUupSignatureVersion 1.443.1096.0, hr = 0 2026-02-10T02:36:02.341 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-10T02:36:02.350 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-10T02:36:02.350 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-10T02:36:02.350 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-10T02:36:02.360 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-10T02:36:02.360 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-10T02:36:02.360 [Plugin] Initializing RTP plugin state... 2026-02-10T02:36:02.360 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-10T02:36:02.360 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B} 2026-02-10T02:36:02.360 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6}\mpasbase.vdm in use, hr=0x80070020 2026-02-10T02:36:02.360 [SCC][CID=992984_128] [1DS] SCCState hr=0x0 msg={"error":"","hr":"0x0","init":false,"source":"None","state":"None"} 2026-02-10T02:36:02.361 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.361 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.361 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.361 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.361 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-10-2026 02:36:02 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-10-2026 02:36:02 2026-02-10T02:36:02.362 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎10‎-‎2026 05:24:53 Last Perf:‎02‎-‎10‎-‎2026 05:24:52 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,3,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,1,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:5502 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:7095 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:548990 TotalHits:0 InstanceCacheInserts:175 InstanceCacheUpdates:0 InstanceCacheDeletes:107 InstanceCacheHits:4 InstanceCacheMisses:9770 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-10T02:36:02.363 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-10T02:36:02.364 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-10T02:36:02.364 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-10T02:36:02.365 [NRI] Stopping NIS service ... 2026-02-10T02:36:02.366 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.366 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.366 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.366 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-10T02:36:02.366 MdCoreSvc is supported in this platform and OS Signature updated on 02-10-2026 02:36:02 Product Version: 4.18.25110.6 Service Version: 4.18.25110.6 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1096.0 AV Signature Version: 1.443.1096.0 ************************************************************ 2026-02-10T02:36:02.368 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-10T02:36:02.368 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\EA2B3C43-85F5-4FD1-B838-23570348E9E01f4c.1dc9a35ee2c79a1 2026-02-10T02:36:02.403 Process scan (postsignatureupdatescan) started. 2026-02-10T02:36:02.414 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-10T02:36:02.415 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-10T02:36:02.546 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-10T02:36:02.546 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-10T02:36:02.546 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-10T02:36:02.546 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-10T02:36:02.546 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-10T02:36:02.546 [Engine] Engine 00007FFB91036240 no longer in use. Number of active engines: 1 2026-02-10T02:36:02.546 [RTP] [RTP] FilterCommunicator object 0x00000281D4D94BA0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-10T02:36:02.751 [Engine] RSIG_UNLOADENGINE, 00007FFB91036240, err=0x0 2026-02-10T02:36:02.765 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5F77898-0FB2-4261-8EAC-B886D96D8FD6} removed 2026-02-10T02:36:02.872 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-10T02:36:02.876 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-10T02:36:02.876 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-10T02:36:02.876 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-10T02:36:02.877 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-10T02:36:02.877 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-10T02:36:02.877 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-10T02:36:02.878 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-10T02:36:02.878 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-10T02:36:02.878 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-10T02:36:02.878 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-10T02:36:02.878 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-10T02:36:02.878 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-10T02:36:02.878 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-10T02:36:02.878 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-10T02:36:02.878 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-10T02:36:02.878 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-10T02:36:02.878 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-10T02:36:02.878 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-10T02:36:02.878 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-10T02:36:02.878 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-10T02:36:02.878 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-10T02:36:02.878 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-10T02:36:02.878 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-10T02:36:02.878 [RTP] [RtpConfig] Config change detected, type: 64 IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-10T02:36:02.881 [NRI] Stopping NIS service ... 2026-02-10T02:36:02.882 [NRI] Stopping NIS service ... 2026-02-10T02:36:02.883 [NRI] Stopping NIS service ... 2026-02-10T02:36:02.883 [NRI] Stopping NIS service ... 2026-02-10T02:36:02.884 [NRI] Stopping NIS service ... 2026-02-10T02:36:05.405 [RTP] Duplicating the current plugin configuration object... 2026-02-10T02:36:05.405 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-10T02:36:05.405 [RTP] Updating plugin configuration due to recent config changes (0x42e) ... 2026-02-10T02:36:05.405 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-10T02:36:05.405 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-10T02:36:05.405 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x42e, Changed: 0x218 2026-02-10T02:36:31.912 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-10T02:36:31.912 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-10T02:36:31.912 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-10T02:36:31.912 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-10T02:36:31.945 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-10T02:36:31.993 [PlatUpd] Verified C:\Windows\TEMP\28C85327-1551-4AA9-A06B-8BF15E5143F9\MpUpdate.dll. Calling MpUpdateStub(0) ... 2026-02-10T02:36:33.538 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-10T02:36:33.540 [RTP] [RTP] FilterCommunicator object 0x00000281D4D94BA0 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-10T02:36:33.540 [NRI] Stopping NIS service ... 2026-02-10T02:36:33.735 [PlatUpd] MpUpdateStub() succeeded. Stub DLL: C:\Windows\TEMP\28C85327-1551-4AA9-A06B-8BF15E5143F9\MpUpdate.dll. 2026-02-10T02:36:33.764 [KSL] Entering CKSLEngine::DisableKSL. 2026-02-10T02:36:33.764 [KSL] Entering CKSLEngine::shutdownImpl. 2026-02-10T02:36:33.800 [KSL] Leaving CKSLEngine::shutdownImpl(0). 2026-02-10T02:36:33.800 [KSL] Leaving CKSLEngine::DisableKSL(0). 2026-02-10T02:36:33.802 [KSL] OnPlatformUpdate: hr=[0x8000000a] Type=[1] KslServiceExists=[1] KslActive=[1] KslState=[2] 2026-02-10T02:36:33.802 [PlatUpd] DlpActive 0, CopyAccActive 0 2026-02-10T02:36:33.802 [PlatUpd] PlatformUpdate is now allowed. Resuming platform update from C:\Windows\TEMP\28C85327-1551-4AA9-A06B-8BF15E5143F9. 2026-02-10T02:36:33.802 [PlatUpd] NewLocation set to [C:\Windows\TEMP\28C85327-1551-4AA9-A06B-8BF15E5143F9] to indicate we are in the middle of an update. 2026-02-10T02:36:33.804 Job Notification: New process added to job (6788) 2026-02-10T02:36:33.804 Task(-RestartService) launched as PPL process 2026-02-10T02:36:33.806 Job Notification: New process added to job (2920) -------------------------------------------------------------------------------- Windows Defender Antivirus (77BDAF73-B396-481F-9042-AD358843EC24) Service Log Started On 02-10-2026 02:36:37 ************************************************************ OS install time: 04/14/2022 09:07:59.0 UTC Current time: 02/10/2026 02:36:37.530158100 UTC (1028140 ms since boot) 2026-02-10T02:36:37.531 MpEnsureProcessMitigationPolicy(0x7) returns 0x1 2026-02-10T02:36:37.533 ProductId: 2, ProductFeature: 0, LaunchedProtected: 3, IsWcos: 0, IsContainerOs: 0, DirtyShutdownDetected: 0, PassiveRemediation: 0, IsHybridModePolicyEnabled: 0, IsVerifiedAndReputableTrustModeEnabled: 0 2026-02-10T02:36:37.538 [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: MpWppTracing-20260210-023637-00000003-fffffffeffffffff.bin ... 2026-02-10T02:36:37.576 [WPP] Trace session started - MpWppTracing-20260210-023637-00000003-fffffffeffffffff.bin 2026-02-10T02:36:37.577 MpReinforceExclusionsAcls from LoadCapability: (hr = 0) 2026-02-10T02:36:37.577 [RbM] Rollback manager succesfully initialized. 2026-02-10T02:36:37.577 [RbM] Rollback manager EnableRollbackManager called. 2026-02-10T02:36:37.579 [RbM] Rollback manager EnableRollbackManager completed. 2026-02-10T02:36:37.579 [PlatUpd] Stage 1 - Starting platform update from %ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0 ... 2026-02-10T02:36:39.657 [PlatUpd] Updated service binary of WdNisSvc from "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.25110.6-0\NisSrv.exe" to "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe" 2026-02-10T02:36:39.770 [PlatUpd] Updated driver binary link C:\Windows\system32\drivers\wd\WdBoot.sys to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\Drivers\WdBoot.sys 2026-02-10T02:36:39.771 [PlatUpd] Updated driver binary link C:\Windows\system32\drivers\wd\WdFilter.sys to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\Drivers\WdFilter.sys 2026-02-10T02:36:39.772 [PlatUpd] Updated driver binary link C:\Windows\system32\drivers\wd\WdNisDrv.sys to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\Drivers\WdNisDrv.sys 2026-02-10T02:36:41.089 [PlatUpd] Updated driver binary link C:\Windows\system32\drivers\wd\WdDevFlt.sys to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\Drivers\WdDevFlt.sys 2026-02-10T02:36:41.090 [PlatUpd] Updated driver binary link C:\Windows\system32\drivers\wd\KslD.sys to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\Drivers\KslD.sys 2026-02-10T02:36:43.133 [PlatUpd] Updated SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32[(default)] from "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpOav.dll" to "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpOav.dll" 2026-02-10T02:36:43.133 [PlatUpd] Updated SOFTWARE\WOW6432Node\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32[(default)] from "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\X86\MpOav.dll" to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\X86\MpOav.dll" 2026-02-10T02:36:43.146 [PlatUpd] MpAddMpUxRegistration succeeded 2026-02-10T02:36:43.146 [PlatUpd] MpManagementUpdateHandler: starting update for install path %ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0. 2026-02-10T02:36:43.146 [PlatUpd] MpManagementUpdateHandler: calling MpUpdateManagement() 2026-02-10T02:36:43.146 [PlatUpd] MpUpdateManagement: Management platform update started for components (3) 2026-02-10T02:36:43.146 [PlatUpd] Defender MDM CSP platform update not supported on Server SKUs 2026-02-10T02:36:43.146 [PlatUpd] WMI/PS provider platform update started 2026-02-10T02:36:43.146 [PlatUpd] Powershell module update started: ConfigDefender 2026-02-10T02:36:43.181 [PlatUpd] Powershell module update completed: ConfigDefender 2026-02-10T02:36:43.181 [PlatUpd] Powershell module update started: ConfigDefenderPerformance 2026-02-10T02:36:43.183 [PlatUpd] Powershell module update completed: ConfigDefenderPerformance 2026-02-10T02:36:44.403 [PlatUpd] WMI repository update completed 2026-02-10T02:36:44.403 [PlatUpd] Updated SOFTWARE\Classes\CLSID\{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}\InprocServer32[(default)] from "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.25110.6-0\ProtectionManagement.dll" to "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0\ProtectionManagement.dll" 2026-02-10T02:36:44.403 [PlatUpd] Unload current WMI provider so that new instance can be loaded 2026-02-10T02:36:44.535 [PlatUpd] WMI/PS provider platform update completed 2026-02-10T02:36:44.536 [PlatUpd] MpUpdateManagement: Management platform update completed 2026-02-10T02:36:44.538 [PlatUpd] Failed to read Misc config regarding new coreservice lifecycle management, using legacy core service lifecycle management anyway. hr = 0x80070002 2026-02-10T02:36:44.541 MdCoreSvc is supported in this platform and OS 2026-02-10T02:36:44.541 [PlatUpd] MDCoreSvc is supported by the version of the platform we are switching to. Making sure the service is registered with SCM 2026-02-10T02:36:44.541 [PlatUpd] Updated service binary of MDCoreSvc from "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpDefenderCoreService.exe" to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe" 2026-02-10T02:36:44.541 [PlatUpd] Because we updated service binary, and MdCoreSvc service was already running, we need to restart the service 2026-02-10T02:36:45.741 [PlatUpd] Firewall rules updated for %ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe 2026-02-10T02:36:45.741 [PlatUpd] MpCheckAndUpdateBinaryLocationTo(%ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0): 10 items checked, 7 required update. hrMui: 0x1 hrEtw: 0 2026-02-10T02:36:45.741 [PlatUpd] Stage 1 - NewLocation updated from C:\Windows\TEMP\28C85327-1551-4AA9-A06B-8BF15E5143F9 to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0 to indicate we are in the middle of an update 2026-02-10T02:36:45.745 [PlatUpd] Stage 1 - Service binary path updated to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe". 2026-02-10T02:36:45.745 [PlatUpd] Stage 1 - Removed BlockedLocation [C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0] to indicate we are loaded successfully. 2026-02-10T02:36:45.746 Task(-RestartService) launched as PPL process 2026-02-10T02:36:45.746 MpPostPlatformUpdate is requesting a service restart. We will abort the current service start -------------------------------------------------------------------------------- Windows Defender Antivirus (77BDAF73-B396-481F-9042-AD358843EC24) Service Log Started On 02-10-2026 02:36:46 ************************************************************ OS install time: 04/14/2022 09:07:59.0 UTC Current time: 02/10/2026 02:36:46.286766900 UTC (1036906 ms since boot) 2026-02-10T02:36:46.287 MpEnsureProcessMitigationPolicy(0x7) returns 0x1 2026-02-10T02:36:46.288 ProductId: 2, ProductFeature: 0, LaunchedProtected: 3, IsWcos: 0, IsContainerOs: 0, DirtyShutdownDetected: 0, PassiveRemediation: 0, IsHybridModePolicyEnabled: 0, IsVerifiedAndReputableTrustModeEnabled: 0 2026-02-10T02:36:46.294 [WPP] Starting WPP trace with buffersize 4MB, maxfilesize: 16MB, filename: MpWppTracing-20260210-023646-00000003-fffffffeffffffff.bin ... 2026-02-10T02:36:46.348 [WPP] Trace session started - MpWppTracing-20260210-023646-00000003-fffffffeffffffff.bin 2026-02-10T02:36:46.350 MpReinforceExclusionsAcls from LoadCapability: (hr = 0) 2026-02-10T02:36:46.350 [RbM] Rollback manager succesfully initialized. 2026-02-10T02:36:46.350 [RbM] Rollback manager EnableRollbackManager called. 2026-02-10T02:36:46.351 [RbM] Rollback manager EnableRollbackManager completed. 2026-02-10T02:36:46.351 [PlatUpd] Stage 2 - Service started from new location. Removed NewLocation value: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0 2026-02-10T02:36:46.351 [PlatUpd] [Catalog] Catalog installer only supported on client OS. No further processing required. 2026-02-10T02:36:46.351 [PlatUpd] Stage 2 - Updated BackupLocation to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0. 2026-02-10T02:36:46.358 [PlatUpd] MpRemoveMpUxRegistration failed (Ignored). hr = 0x800401f0 2026-02-10T02:36:46.358 [RbM] Platform LKG candidate becoming LKG: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0. 2026-02-10T02:36:47.316 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-10T02:36:47.318 [PlatUpd] Stage 2 - ReinforceServiceAcl (hr = 0) 2026-02-10T02:36:47.318 [PlatUpd] Stage 2 - Readded platform files to MOAC after ACL and Trust Label enforcement. hr=0 2026-02-10T02:36:47.318 [PlatUpd] Failed to read Misc config regarding new coreservice lifecycle management, using legacy core service lifecycle management anyway. hr = 0x80070002 2026-02-10T02:36:49.621 [PlatUpd] MpAddMpUxRegistration succeeded 2026-02-10T02:36:49.621 [PlatUpd] MpManagementUpdateHandler: starting update for install path %ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0. 2026-02-10T02:36:49.621 [PlatUpd] MpManagementUpdateHandler: calling MpUpdateManagement() 2026-02-10T02:36:49.621 [PlatUpd] MpUpdateManagement: Management platform update started for components (3) 2026-02-10T02:36:49.621 [PlatUpd] Defender MDM CSP platform update not supported on Server SKUs 2026-02-10T02:36:49.621 [PlatUpd] WMI/PS provider platform update started 2026-02-10T02:36:49.621 [PlatUpd] WMI/PS provider platform update not required 2026-02-10T02:36:49.621 [PlatUpd] MpUpdateManagement: Management platform update completed 2026-02-10T02:36:49.621 MdCoreSvc is supported in this platform and OS 2026-02-10T02:36:49.621 [PlatUpd] MDCoreSvc is supported by the version of the platform we are switching to. Making sure the service is registered with SCM 2026-02-10T02:36:49.621 [PlatUpd] Starting MdCoreSvc service 2026-02-10T02:36:49.621 [PlatUpd] MpCheckAndUpdateBinaryLocationTo(%ProgramData%\Microsoft\Windows Defender\Platform\4.18.26010.5-0): 10 items checked, 0 required update. hrMui: 0x1 hrEtw: 0 2026-02-10T02:36:49.622 [TS] Troublshooting mode is not available! 2026-02-10T02:36:49.622 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0, Scenario: Consumer, Source: Unknown, ConfigChange: Remove 2026-02-10T02:36:49.622 CheckProductDisabled(fWaitWSC: 1, fRemoveConfigs: 0) ... 2026-02-10T02:36:49.623 Service is asked to be reenabled. 2026-02-10T02:36:49.625 Task(-EnableService) launched as PPL process 2026-02-10T02:36:49.625 [Service] Enabling IOAV/IEV/ShellExt/EtwLogger registrations ... 2026-02-10T02:36:49.626 [Service] Enabling AutoLoggers ... 2026-02-10T02:36:49.626 [Service] Enabling AMSI registration ... 2026-02-10T02:36:49.626 [Service] Leaving EnableIOAVWorker(1, 0) with hr = 0 2026-02-10T02:36:49.628 Cache C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\3ADE5ADB-88D2-4AC6-A4B1-AD77CAEA8D6C-1.bin loaded.**********Cache stats************ No. Of buckets -> 39062 Each Bucket has max capacity of -> 1 entries number of Entries is 25051 Number of invalid entries is 0 Number of inserts issued is 509247 Number of replaces issued is 0 Number of insert failures is 94 Number of inserts with duplicate entries is 29549 Number of lookups is 151078468 Number of lookup misses is 7218586 Number of fast lookup misses is 103290566 Number of false fast lookups is 7218581 Number of invalidations is 298208 Number of maintenance invalidations is 72395 Current File Size is 958464 Journal ID = 1d84ffedf6511fc Trusted image state = 2 USN = 506af Setup boot count = 2 2026-02-10T02:36:49.629 Verifying license file... 2026-02-10T02:36:49.629 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\msmplics.dll]. File not in cache (0x1) 2026-02-10T02:36:49.640 Verified [C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\msmplics.dll] 2026-02-10T02:36:49.664 SharedSignatureRoot not configured. Disabling remote image load for msmpeng.exe. Once disabled, it can no longer be enabled without a service restart. hr=0x1 2026-02-10T02:36:49.664 Loaded module#0 MpComServer. 2026-02-10T02:36:49.664 Loaded module#1 StartupPolicies. 2026-02-10T02:36:49.666 COM server initialized successfully. 2026-02-10T02:36:49.668 MpRefreshDefenderCoreConfigs: failed because engine is not ready, we cannot let the process continue because we might start core service while its configuration is not ready. 2026-02-10T02:36:49.671 [Plugin] Verifying C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\mprtp.dll ... 2026-02-10T02:36:49.671 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\mprtp.dll] due to PPL. 2026-02-10T02:36:49.785 [RTP] [RTP] FilterCommunicator object 0x000002800EA85D10 initialized (\MicrosoftMalwareProtectionAsyncPortWD, , ), threads: 0 normal, 0 very low, 0 alt, thread pool threads: 4 normal, 0 very low, 0 alt 2026-02-10T02:36:49.787 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-10T02:36:49.787 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-10T02:36:49.787 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-10T02:36:49.787 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-10T02:36:49.787 [RTP] Setting RegLinkHardeningMode to 0 (hr=0). 2026-02-10T02:36:49.787 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-10T02:36:49.787 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-10T02:36:49.787 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-10T02:36:49.787 [RTP] Setting PreventPagingFileAbuse to 1 (hr=0). 2026-02-10T02:36:49.787 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-10T02:36:49.787 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-10T02:36:49.787 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 initialized (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD, \MicrosoftMalwareProtectionRemoteIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-10T02:36:49.787 [RTP] SyncDssAvailableThreads cap limit initialized by MiscConfig to: 18 2026-02-10T02:36:49.788 [RTP] [RtpCopyAccelerator] Windows19H1 0, WindowsCobalt 0, IsServerSKU 1, IsPassiveOrSideBySidePassiveMode 0, IsDevMode 0, fIsWindowsInhouseBuild 0, BuildLabEx 17763.1.amd64fre.rs5_release.180914-1434 2026-02-10T02:36:49.788 [RTP] [RTP] StartCommunication 0x000002800EA85D10 (\MicrosoftMalwareProtectionAsyncPortWD, ), threads: 0 normal, 0 very low, 0 alt, thread pool threads: 4 normal, 0 very low, 0 alt 2026-02-10T02:36:49.788 [init][RTP] RTPPlugin initialization completed 2026-02-10T02:36:49.788 OS boot count = 2 2026-02-10T02:36:49.788 OS Install = 0 2026-02-10T02:36:49.791 [init] MpAddMpUxRegistrationForToast failed (Ignored). hr = 0x8000401a 2026-02-10T02:36:49.793 [KSL] Entering CKSLEngine::Initialize. 2026-02-10T02:36:49.793 [KSL] Leaving CKSLEngine::Initialize(0). 2026-02-10T02:36:49.793 [KSL] Entering CKSLEngine::EnableKSL. State: [1] 2026-02-10T02:36:49.794 [KSL] MpInstallKslD: hr=0 2026-02-10T02:36:49.794 [KSL] MpRegisterKslD: hr=0 2026-02-10T02:36:49.811 [KSL] MpStartKslD: hr=0 2026-02-10T02:36:49.811 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-10T02:36:49.811 Loading engine... 2026-02-10T02:36:49.820 Verifying engine and signature files (source: 1) ... 2026-02-10T02:36:49.820 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpengine.dll] due to PPL. 2026-02-10T02:36:49.820 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpasbase.vdm] (file in cache) 2026-02-10T02:36:49.820 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpasdlta.vdm] (file in cache) 2026-02-10T02:36:49.820 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpavbase.vdm] (file in cache) 2026-02-10T02:36:49.820 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpavdlta.vdm] (file in cache) 2026-02-10T02:36:49.823 [Engine] IsHybridMode: 0 2026-02-10T02:36:49.824 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-10T02:36:49.831 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3CD20F9D9C9175FC41618744608FC309ECA22220.bin): 0x00000002 2026-02-10T02:36:49.867 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3CD20F9D9C9175FC41618744608FC309ECA22220.bin) 2026-02-10T02:36:49.867 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-10T02:36:49.867 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-10T02:36:49.867 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-10T02:36:49.867 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-10T02:37:06.563 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-10T02:37:06.563 [AutoExclusion] Applied roles from cache. 2026-02-10T02:37:06.563 [AutoExclusion] Started roles monitoring. 2026-02-10T02:37:06.563 [Engine] New active engine 00007FFB91036240 (no old engine). Number of active engines: 1 2026-02-10T02:37:06.568 EngineInit:Global ASOC is enabled 2026-02-10T02:37:06.568 EngineInit:ASOO is enabled for developer volumes 2026-02-10T02:37:06.623 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-10T02:37:06.623 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.624 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-10T02:37:06.625 MpWriteUupSignatureVersion 1.443.1096.0, hr = 0 2026-02-10T02:37:06.625 [SigStatUpd] CSignatureStatus: back to good 2026-02-10T02:37:06.625 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-10T02:37:06.637 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-10T02:37:06.637 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-10T02:37:06.637 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-10T02:37:06.661 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-10T02:37:06.662 [Plugin] Initializing RTP plugin state... 2026-02-10T02:37:06.662 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-10T02:37:06.662 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B} 2026-02-10T02:37:06.662 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:37:06.662 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:37:06.662 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-10T02:37:06.662 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-10T02:37:06.662 MdCoreSvc is supported in this platform and OS 2026-02-10T02:37:06.662 MdCoreSvc is supported in this platform and OS 2026-02-10T02:37:06.662 [PlatUpd] MDCoreSvc is supported by the version of the platform we are switching to. Making sure the service is registered with SCM 2026-02-10T02:37:06.663 [PlatUpd] Starting MdCoreSvc service 2026-02-10T02:37:06.663 Engine loaded! 2026-02-10T02:37:06.663 [DLP] Create FeatureControlState instance 2026-02-10T02:37:06.670 RegisterSModeChangeListener: hr = 0x1 2026-02-10T02:37:06.670 RegisterHybridModeChangeListener: hr = 0x1 2026-02-10T02:37:06.672 [PlatUpd] Updated install location from C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\ to C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\ 2026-02-10T02:37:06.677 [RTP] ****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,2,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:2882 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:0 AsyncQCurrent:0 BMFlags:8 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:418 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:10319 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:425 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-10T02:37:06.680 Engine:Failure in process enumeration: Image:, Error:GetImageNameConfigurationEx, 0x80078020, PID: 0 2026-02-10T02:37:06.680 Engine:Failure in process enumeration: Image:, Error:GetImageNameConfigurationEx, 0x80078020, PID: 4 2026-02-10T02:37:06.693 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-10T02:37:06.696 [AutoPurge] Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) 2026-02-10T02:37:06.696 [SigReleaseHb] Initialized with Stage 0 2026-02-10T02:37:06.696 [EmergencySigManager] Emergency sig checks are currently disabled. Timer interval: 15 minutes. 2026-02-10T02:37:06.697 [SCC][CID=1057312_2580] Initializing ... 2026-02-10T02:37:06.697 [SCC][CID=1057312_2580] SCC Initialize! The feature is OFF on this machine (E5 = 0), hr: 0x80004001 2026-02-10T02:37:06.698 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-10T02:37:06.698 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-10T02:37:06.698 [NRI] Stopping NIS service ... 2026-02-10T02:37:06.699 [RTP] [RTP] Killbits updated: 0x200000000000000 -> 0x4000000 2026-02-10T02:37:06.699 [RTP] [RTP] LastAccessTimeSuppression is enabled (default behavior). Product Version: 4.18.26010.5 Service Version: 4.18.26010.5 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1096.0 AV Signature Version: 1.443.1096.0 ************************************************************ 2026-02-10T02:37:06.699 Resource usage Monitoring is enabled 2026-02-10T02:37:06.700 Ci Endpoint Security Policy Installation: Unsupported, hr = 0x00000001 2026-02-10T02:37:06.710 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-10T02:37:06.719 Job Notification: New process added to job (7580) 2026-02-10T02:37:06.740 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-10T02:37:06.741 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-10T02:37:06.745 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-10T02:37:06.745 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-10T02:37:06.746 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-10T02:37:06.746 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-10T02:37:06.746 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-10T02:37:06.746 [RTP] Generating the base plugin configuration ... 2026-02-10T02:37:06.746 [RTP] Path exclusion changed, new size in bytes: 850 2026-02-10T02:37:06.746 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-10T02:37:06.746 [RTP] Calling GenerateEngineConfigStruct (0x3e) ... 2026-02-10T02:37:06.746 [RTP] [RTP] RTPPlugin state has changed as follow: ASStatus:0->1, AVStatus:0->1, RTPStatus:0->2 2026-02-10T02:37:06.746 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-10T02:37:07.164 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-10T02:37:07.167 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-10T02:37:07.167 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-10T02:37:07.167 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-10T02:37:09.255 [RTP] Duplicating the current plugin configuration object... 2026-02-10T02:37:09.255 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-10T02:37:09.255 [RTP] Updating plugin configuration due to recent config changes (0x600) ... 2026-02-10T02:37:09.255 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-10T02:37:09.256 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x600, Changed: 0x218 2026-02-10T02:42:06.600 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-10T02:42:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T02:47:06.697 Timer callback: Initializating/verifying scheduled tasks ... 2026-02-10T02:47:06.699 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-10T02:47:06.701 Job Notification: New process added to job (6440) 2026-02-10T02:47:06.704 Job Notification: New process added to job (1560) 2026-02-10T02:47:06.717 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:6440] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:1560]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-10T02:47:06.739 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-10T02:47:06.756 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-10T02:47:06.757 Job Notification: New process added to job (3104) 2026-02-10T02:47:06.759 Job Notification: New process added to job (6164) 2026-02-10T02:47:06.772 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:3104] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:6164]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-10T02:47:07.228 Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2 -ScanTrigger 52) is scheduled to run in 77769678(ms) from now at 03:23 (00:23 UTC) with period 86400000(ms). Daily task start time is randomized to reduce spikes. 2026-02-10T02:47:13.995 Job Notification: Process exited from job (6440) 2026-02-10T02:47:14.003 Job Notification: Process exited from job (1560) 2026-02-10T02:47:14.003 Job Notification: Process exited from job (3104) 2026-02-10T02:47:14.006 Job Notification: Process exited from job (6164) 2026-02-10T02:57:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T03:12:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T03:27:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T03:42:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T03:57:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T04:12:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T04:27:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T04:42:46.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T04:57:51.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T05:12:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T05:28:01.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T05:43:06.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T05:58:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T06:13:16.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T06:28:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T06:43:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T06:58:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T07:13:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T07:28:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T07:43:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T07:58:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T08:13:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T08:29:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T08:44:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T08:59:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T09:14:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T09:29:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T09:44:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T09:59:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T10:14:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T10:29:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T10:44:46.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T10:59:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T11:14:56.713 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T11:30:01.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T11:45:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T12:00:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T12:15:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T12:30:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T12:45:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T13:00:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T13:15:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T13:30:41.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T13:45:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T14:00:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T14:15:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T14:31:01.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T14:46:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T15:01:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T15:16:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T15:31:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T15:46:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T16:01:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T16:16:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T16:31:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T16:46:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T17:01:51.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T17:16:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T17:32:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T17:47:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T18:02:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T18:17:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T18:32:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T18:47:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T19:02:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T19:17:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T19:32:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T19:47:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T20:02:51.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T20:17:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T20:33:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T20:48:06.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T21:03:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T21:18:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T21:33:21.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T21:48:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T22:03:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T22:18:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T22:33:41.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T22:48:46.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T23:03:51.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T23:18:56.710 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T23:34:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-10T23:49:06.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T00:04:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T00:19:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T00:34:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T00:49:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T01:04:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T01:19:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T01:34:41.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T01:49:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T02:04:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T02:19:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T02:35:01.708 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T02:47:06.701 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-11T02:47:06.804 Job Notification: New process added to job (64496) 2026-02-11T02:47:06.942 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-11T02:47:06.943 Job Notification: New process added to job (61736) 2026-02-11T02:47:06.989 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:64496] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:61736]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-11T02:47:07.414 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-11T02:47:07.415 Job Notification: New process added to job (61824) 2026-02-11T02:47:07.417 Job Notification: New process added to job (64476) 2026-02-11T02:47:07.448 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:61824] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:64476]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-11T02:47:07.497 [TaskUpdate] Run lost signature update scheduled job: SignatureUpdate -ScheduleJob -RestrictPrivileges 2026-02-11T02:47:07.497 [TaskUpdate] Run lost signature update scheduled job: SignatureUpdate -ScheduleJob -RestrictPrivileges 2026-02-11T02:47:07.498 Job Notification: New process added to job (64428) 2026-02-11T02:47:07.507 Job Notification: New process added to job (64460) 2026-02-11T02:47:07.538 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:64428] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:64460]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-11T02:47:07.572 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-11T02:47:07.812 Job Notification: Process exited from job (64428) 2026-02-11T02:47:07.815 Job Notification: Process exited from job (64460) 2026-02-11T02:47:07.815 [TaskUpdate] MpCmdRun process completed before completion signal is received 2026-02-11T02:47:07.822 Aggressive catchup quick scan threshold: 993955029502 / 25920000000000 2026-02-11T02:47:07.918 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-11T02:47:07.919 [RTP] Duplicating the current plugin configuration object... 2026-02-11T02:47:07.919 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-11T02:47:07.919 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-11T02:47:07.919 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-11T02:47:07.919 [RTP] No config change detected. Not updating plugin configuration. 2026-02-11T02:47:07.919 [RTP] No config changes found. No configuration switch. 2026-02-11T02:47:07.919 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-11T02:48:12.316 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\20FAE329-F8EE-4721-BF18-14E98A58E450fc30.1dc9b00d961a80a 2026-02-11T02:48:12.751 Verifying engine and signature files (source: 0) ... 2026-02-11T02:48:12.751 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpengine.dll] due to PPL. 2026-02-11T02:48:12.751 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpasbase.vdm] (file in cache) 2026-02-11T02:48:12.751 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-11T02:48:13.126 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpasdlta.vdm] 2026-02-11T02:48:13.126 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpavbase.vdm] (file in cache) 2026-02-11T02:48:13.126 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-11T02:48:13.347 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpavdlta.vdm] 2026-02-11T02:48:13.626 [Engine] IsHybridMode: 0 2026-02-11T02:48:13.637 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-11T02:48:13.763 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A2DFEE803D3D87D79D2CD243EE678EE232E4F932.bin): 0x00000002 2026-02-11T02:48:13.838 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-A2DFEE803D3D87D79D2CD243EE678EE232E4F932.bin) 2026-02-11T02:48:13.838 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-11T02:48:13.838 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-11T02:48:13.838 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-11T02:48:13.838 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, fTdtCapable:0, fTdtUVE:0, dwTDTSiloType:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-11T02:49:07.796 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-11T02:49:07.822 [AutoExclusion] Applied roles from cache. 2026-02-11T02:49:07.822 [AutoExclusion] Started roles monitoring. 2026-02-11T02:49:07.899 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB91036240, lRefCount: 5, hr=0 2026-02-11T02:49:07.899 [Engine] New active engine 00007FFB757C6240 replacing engine 00007FFB91036240. Number of active engines: 2 2026-02-11T02:49:07.976 EngineInit:Global ASOC is enabled 2026-02-11T02:49:07.976 EngineInit:ASOO is enabled for developer volumes 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.341 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.342 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-11T02:49:08.373 MpWriteUupSignatureVersion 1.443.1114.0, hr = 0 2026-02-11T02:49:08.374 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-11T02:49:08.393 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-11T02:49:08.394 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-11T02:49:08.394 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-11T02:49:08.394 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-11T02:49:08.405 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-11T02:49:08.429 [Plugin] Initializing RTP plugin state... 2026-02-11T02:49:08.429 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-11T02:49:08.429 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎10‎-‎2026 05:37:06 Last Perf:‎02‎-‎10‎-‎2026 05:37:06 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,1,0 Proc:0,1,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,3,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,1,0 Config:0,1,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:9576 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:8102 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:57808045 TotalHits:0 InstanceCacheInserts:1759 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:217 InstanceCacheMisses:74191 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-11T02:49:08.429 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8} 2026-02-11T02:49:08.430 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B}\mpasbase.vdm in use, hr=0x80070020 2026-02-11T02:49:08.430 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.430 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.430 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.430 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.430 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-11T02:49:08.430 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-11-2026 02:49:08 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-11-2026 02:49:08 2026-02-11T02:49:08.432 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-11T02:49:08.432 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-11T02:49:08.433 [NRI] Stopping NIS service ... 2026-02-11T02:49:08.433 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.433 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.433 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.433 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-11T02:49:08.434 MdCoreSvc is supported in this platform and OS Signature updated on 02-11-2026 02:49:08 Product Version: 4.18.26010.5 Service Version: 4.18.26010.5 Engine Version: 1.1.25110.1 AS Signature Version: 1.443.1114.0 AV Signature Version: 1.443.1114.0 ************************************************************ 2026-02-11T02:49:08.464 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-11T02:49:08.464 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\20FAE329-F8EE-4721-BF18-14E98A58E450fc30.1dc9b00d961a80a 2026-02-11T02:49:08.479 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-11T02:49:08.481 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-11T02:49:08.513 Process scan (postsignatureupdatescan) started. 2026-02-11T02:49:08.657 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-11T02:49:08.657 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-11T02:49:08.657 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-11T02:49:08.657 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-11T02:49:08.657 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-11T02:49:08.766 [Engine] Engine 00007FFB91036240 no longer in use. Number of active engines: 1 2026-02-11T02:49:08.766 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-11T02:49:08.876 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-11T02:49:08.876 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-11T02:49:08.876 [KSL] Leaving CKSLEngine::EnableKsl(0). Signature updated via MicrosoftUpdateServer on 02-11-2026 02:49:09 ************************************************************ 2026-02-11T02:49:09.466 Job Notification: Process exited from job (64496) 2026-02-11T02:49:09.576 Job Notification: Process exited from job (61824) 2026-02-11T02:49:09.658 Job Notification: Process exited from job (61736) 2026-02-11T02:49:09.661 Job Notification: Process exited from job (64476) 2026-02-11T02:49:13.468 [Engine] RSIG_UNLOADENGINE, 00007FFB91036240, err=0x0 2026-02-11T02:49:13.537 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FAC9EC8-9BE6-4961-A11A-B44B6FA6E23B} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 2026-02-11T02:50:06.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T02:50:20.723 Process scan (postsignatureupdatescan) completed. 2026-02-11T02:54:08.088 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-11T03:05:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T03:20:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T03:35:21.702 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T03:50:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T04:05:31.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T04:20:36.711 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T04:30:56.254 [AutoPurge] Verification Routine tasks have started.ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-11T04:30:58.230 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-11T04:30:58.258 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-11T04:30:58.268 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-11T04:30:58.447 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-11T04:30:58.482 [AutoPurge] Removing expired default signature package ... 2026-02-11T04:31:00.028 Job Notification: New process added to job (63372) 2026-02-11T04:31:03.642 Job Notification: Process exited from job (63372) 2026-02-11T04:31:03.893 [AutoPurge] Verification Routine tasks have ended. 2026-02-11T04:35:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T04:37:07.210 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-11T04:37:07.278 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-11T04:37:07.278 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-11T04:37:07.279 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-11T04:37:07.279 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-11T04:37:07.407 [NRI] Stopping NIS service ... 2026-02-11T04:37:07.407 [NRI] Stopping NIS service ... 2026-02-11T04:37:07.408 [NRI] Stopping NIS service ... 2026-02-11T04:37:07.409 [NRI] Stopping NIS service ... 2026-02-11T04:37:07.409 [NRI] Stopping NIS service ... 2026-02-11T04:37:07.437 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-11T04:37:07.437 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-11T04:37:07.437 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-11T04:37:07.444 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-11T04:37:07.444 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-11T04:37:07.444 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-11T04:37:07.513 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-11T04:37:07.513 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-11T04:37:07.513 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-11T04:37:09.798 [RTP] Duplicating the current plugin configuration object... 2026-02-11T04:37:09.798 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-11T04:37:09.798 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-11T04:37:09.798 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-11T04:37:09.798 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-11T04:37:09.838 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-11T04:50:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T05:05:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T05:20:56.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T05:36:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T05:51:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T06:06:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T06:21:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T06:36:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T06:51:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T07:06:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T07:21:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T07:36:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T07:51:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T08:06:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T08:21:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T08:37:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T08:52:06.705 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T09:07:11.757 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T09:22:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T09:37:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T09:52:26.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T10:07:31.723 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T10:22:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T10:37:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T10:52:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T11:07:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T11:22:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T11:38:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T11:53:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T12:08:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T12:23:16.709 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T12:38:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T12:53:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T13:08:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T13:23:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T13:38:41.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T13:53:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T14:08:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T14:23:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T14:39:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T14:54:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T15:09:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T15:24:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T15:39:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T15:54:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T16:09:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T16:24:36.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T16:39:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T16:54:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T17:09:51.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T17:24:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T17:40:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T17:55:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T18:10:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T18:25:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T18:40:21.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T18:55:26.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T19:10:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T19:25:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T19:40:41.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T19:55:46.716 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T20:10:51.707 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T20:25:56.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T20:41:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T20:56:06.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T21:11:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T21:26:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T21:41:21.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T21:56:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T22:11:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T22:26:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T22:41:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T22:56:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T23:11:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T23:26:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T23:42:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-11T23:57:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T00:12:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T00:27:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T00:42:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T00:57:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T01:12:31.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T01:27:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T01:42:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T01:57:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T02:12:51.710 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T02:27:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T02:43:01.711 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T02:47:06.697 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-12T02:47:06.730 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-12T02:47:06.730 Aggressive catchup quick scan threshold: 1857944108705 / 25920000000000 2026-02-12T02:47:06.741 Job Notification: New process added to job (109688) 2026-02-12T02:47:06.762 Job Notification: New process added to job (113688) 2026-02-12T02:47:06.771 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:109688] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:113688]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-12T02:47:06.997 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-12T02:47:06.998 Job Notification: New process added to job (117292) 2026-02-12T02:47:07.001 Job Notification: New process added to job (384) 2026-02-12T02:47:07.020 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:117292] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:384]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-12T02:47:07.245 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-12T02:47:07.245 [RTP] Duplicating the current plugin configuration object... 2026-02-12T02:47:07.245 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-12T02:47:07.245 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-12T02:47:07.245 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-12T02:47:07.245 [RTP] No config change detected. Not updating plugin configuration. 2026-02-12T02:47:07.245 [RTP] No config changes found. No configuration switch. 2026-02-12T02:47:07.245 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-12T02:49:45.383 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\C48CA8ED-6C31-4C40-A520-60B3F623F1721cf50.1dc9bc9f8020a99 2026-02-12T02:49:47.339 Verifying engine and signature files (source: 0) ... 2026-02-12T02:49:47.340 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpengine.dll] due to PPL. 2026-02-12T02:49:47.341 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpasbase.vdm]. File not in cache (0x1) 2026-02-12T02:49:48.263 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpasbase.vdm] 2026-02-12T02:49:48.263 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-12T02:49:48.266 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpasdlta.vdm] 2026-02-12T02:49:48.267 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpavbase.vdm]. File not in cache (0x1) 2026-02-12T02:49:48.786 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpavbase.vdm] 2026-02-12T02:49:48.786 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-12T02:49:48.789 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpavdlta.vdm] 2026-02-12T02:49:49.026 [Engine] IsHybridMode: 0 2026-02-12T02:49:49.070 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-12T02:49:49.767 Current mpengine.dll version(1.1.26010.1) is newer than mpengine_etw.dll version(1.1.25110.1). Updating C:\ProgramData\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\mpengine_etw.dll ... 2026-02-12T02:49:50.815 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\StableEngineEtwLocation\mpengine_etw.dll updated. 2026-02-12T02:49:51.317 Job Notification: New process added to job (118760) 2026-02-12T02:49:51.350 Job Notification: New process added to job (117552) 2026-02-12T02:49:51.588 Job Notification: Process exited from job (118760) 2026-02-12T02:49:51.589 Job Notification: Process exited from job (117552) 2026-02-12T02:49:51.592 Job Notification: New process added to job (117924) 2026-02-12T02:49:51.595 Job Notification: New process added to job (116612) 2026-02-12T02:49:51.786 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-12T02:49:51.812 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-12T02:49:52.429 Job Notification: Process exited from job (117924) 2026-02-12T02:49:52.430 Job Notification: Process exited from job (116612) 2026-02-12T02:49:52.515 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-E77111F9BB3111BEDB28B56A98106993F95BDA28.bin): 0x00000002 2026-02-12T02:49:52.721 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-E77111F9BB3111BEDB28B56A98106993F95BDA28.bin) 2026-02-12T02:49:52.721 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-12T02:49:52.721 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-12T02:49:52.721 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-12T02:49:52.721 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff 2026-02-12T02:49:52.932 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-12T02:49:52.936 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-12T02:49:54.317 [RTP] Duplicating the current plugin configuration object... 2026-02-12T02:49:54.317 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-12T02:49:54.317 [RTP] Updating plugin configuration due to recent config changes (0x400) ... 2026-02-12T02:49:54.317 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-12T02:49:54.344 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x400, Changed: 0x218 IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-12T02:50:49.722 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-12T02:50:49.733 [AutoExclusion] Applied roles from cache. 2026-02-12T02:50:49.733 [AutoExclusion] Started roles monitoring. 2026-02-12T02:50:49.733 Engine upgrade detected 0x1000162160001. Saving old engine files to last known good engine files ... 2026-02-12T02:50:49.896 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB757C6240, lRefCount: 5, hr=0 2026-02-12T02:50:49.896 [Engine] New active engine 00007FFB78C6E190 replacing engine 00007FFB757C6240. Number of active engines: 2 2026-02-12T02:50:49.954 EngineInit:Global ASOC is enabled 2026-02-12T02:50:49.954 EngineInit:ASOO is enabled for developer volumes 2026-02-12T02:50:50.198 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-12T02:50:50.198 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.198 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-12T02:50:50.198 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-12T02:50:50.198 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-12T02:50:50.198 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.198 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.199 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-12T02:50:50.212 MpWriteUupSignatureVersion 1.445.6.0, hr = 0 2026-02-12T02:50:50.213 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-12T02:50:50.222 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-12T02:50:50.250 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-12T02:50:50.250 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-12T02:50:50.250 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-12T02:50:50.266 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-12T02:50:50.266 [Plugin] Initializing RTP plugin state... 2026-02-12T02:50:50.266 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-12T02:50:50.266 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97} 2026-02-12T02:50:50.266 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8}\mpasbase.vdm in use, hr=0x80070020 2026-02-12T02:50:50.267 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.267 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.267 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.267 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.267 MdCoreSvc is supported in this platform and OS 2026-02-12T02:50:50.268 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎11‎-‎2026 05:49:08 Last Perf:‎02‎-‎11‎-‎2026 05:49:08 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,1,0 Proc:0,1,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,3,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,1,0 Config:0,1,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:13826 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:7798 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:114975831 TotalHits:0 InstanceCacheInserts:2563 InstanceCacheUpdates:0 InstanceCacheDeletes:2142 InstanceCacheHits:421 InstanceCacheMisses:140153 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-12-2026 02:50:50 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-12-2026 02:50:50 2026-02-12T02:50:50.281 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-12T02:50:50.281 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-12T02:50:50.281 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-12T02:50:50.282 [NRI] Stopping NIS service ... 2026-02-12T02:50:50.282 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.282 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.282 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.282 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-12T02:50:50.282 MdCoreSvc is supported in this platform and OS Signature updated on 02-12-2026 02:50:50 Product Version: 4.18.26010.5 Service Version: 4.18.26010.5 Engine Version: 1.1.26010.1 AS Signature Version: 1.445.6.0 AV Signature Version: 1.445.6.0 ************************************************************ 2026-02-12T02:50:50.301 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-12T02:50:50.301 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\C48CA8ED-6C31-4C40-A520-60B3F623F1721cf50.1dc9bc9f8020a99 2026-02-12T02:50:50.306 Process scan (postsignatureupdatescan) started. 2026-02-12T02:50:50.342 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-12T02:50:50.343 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-12T02:50:50.463 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-12T02:50:50.463 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-12T02:50:50.464 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-12T02:50:50.464 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-12T02:50:50.464 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-12T02:50:50.684 [Engine] Engine 00007FFB757C6240 no longer in use. Number of active engines: 1 2026-02-12T02:50:50.684 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-12T02:50:50.716 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-12T02:50:50.716 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-12T02:50:50.716 [KSL] Leaving CKSLEngine::EnableKsl(0). Signature updated via MicrosoftUpdateServer on 02-12-2026 02:50:51 ************************************************************ 2026-02-12T02:50:52.260 Job Notification: Process exited from job (117292) 2026-02-12T02:50:52.260 Job Notification: Process exited from job (109688) 2026-02-12T02:50:52.322 Job Notification: Process exited from job (113688) 2026-02-12T02:50:52.324 Job Notification: Process exited from job (384) 2026-02-12T02:51:02.907 [Engine] RSIG_UNLOADENGINE, 00007FFB757C6240, err=0x0 2026-02-12T02:51:02.922 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B5CFBC2-C961-4A8B-8617-279F0F6FD4E8} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 2026-02-12T02:52:01.498 Process scan (postsignatureupdatescan) completed. 2026-02-12T02:55:50.190 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-12T02:58:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T03:13:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T03:28:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T03:43:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T03:58:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T04:13:31.705 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T04:28:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T04:43:41.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T04:58:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T05:13:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T05:28:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T05:44:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T05:59:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T06:14:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T06:24:55.237 [AutoPurge] Verification Routine tasks have started.ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-12T06:24:57.248 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-12T06:24:57.276 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-12T06:24:57.289 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-12T06:24:57.386 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-12T06:24:57.445 [AutoPurge] Removing expired default signature package ... 2026-02-12T06:24:59.754 Job Notification: New process added to job (118632) 2026-02-12T06:25:03.941 Job Notification: Process exited from job (118632) 2026-02-12T06:25:04.103 [AutoPurge] Verification Routine tasks have ended. 2026-02-12T06:26:24.638 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-12T06:26:24.841 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-12T06:26:24.841 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-12T06:26:24.841 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-12T06:26:24.841 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-12T06:26:24.989 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-12T06:26:24.989 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-12T06:26:25.051 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-12T06:26:25.080 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-12T06:26:25.080 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-12T06:26:25.080 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-12T06:26:25.082 [NRI] Stopping NIS service ... 2026-02-12T06:26:25.088 [NRI] Stopping NIS service ... 2026-02-12T06:26:25.088 [NRI] Stopping NIS service ... 2026-02-12T06:26:25.089 [NRI] Stopping NIS service ... 2026-02-12T06:26:25.090 [NRI] Stopping NIS service ... 2026-02-12T06:26:25.324 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-12T06:26:25.324 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-12T06:26:25.324 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-12T06:26:27.357 [RTP] Duplicating the current plugin configuration object... 2026-02-12T06:26:27.357 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-12T06:26:27.357 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-12T06:26:27.357 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-12T06:26:27.357 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-12T06:26:27.527 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-12T06:29:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T06:44:21.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T06:59:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T07:14:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T07:29:36.711 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T07:44:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T07:59:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T08:14:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T08:29:56.714 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T08:45:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T09:00:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T09:15:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T09:30:16.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T09:45:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T10:00:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T10:15:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T10:30:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T10:45:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T11:00:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T11:15:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T11:30:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T11:46:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T12:01:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T12:16:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T12:31:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T12:46:21.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T13:01:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T13:16:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T13:31:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T13:46:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T14:01:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T14:16:51.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T14:31:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T14:47:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T15:02:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T15:17:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T15:32:16.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T15:47:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T16:02:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T16:17:31.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T16:32:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T16:47:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T17:02:46.720 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T17:17:51.717 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T17:32:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T17:48:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T18:03:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T18:18:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T18:33:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T18:48:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T19:03:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T19:18:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T19:31:17.572 [NRI] Stopping NIS service ... IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpFC_SupportThreatActionDetectionOnly new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-12T19:31:17.813 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-12T19:31:17.943 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-12T19:31:17.943 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-12T19:31:17.944 [NRI] Stopping NIS service ... 2026-02-12T19:31:17.945 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-12T19:31:17.945 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-12T19:31:17.945 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-12T19:31:17.945 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-12T19:31:17.945 MdCoreSvc is supported in this platform and OS 2026-02-12T19:31:18.307 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-12T19:31:18.307 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-12T19:31:18.307 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-12T19:33:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T19:48:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T20:03:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T20:18:51.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T20:33:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T20:49:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T21:04:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T21:19:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T21:34:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T21:49:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T22:04:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T22:19:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T22:34:36.717 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T22:49:41.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T23:04:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T23:19:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T23:34:56.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-12T23:50:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T00:05:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T00:20:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T00:35:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T00:50:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T01:05:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T01:20:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T01:35:36.706 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T01:50:41.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T02:05:46.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T02:20:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T02:35:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T02:47:06.697 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-13T02:47:06.737 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-13T02:47:06.737 Aggressive catchup quick scan threshold: 2721944185690 / 25920000000000 2026-02-13T02:47:06.747 Job Notification: New process added to job (170416) 2026-02-13T02:47:06.776 Job Notification: New process added to job (170444) 2026-02-13T02:47:06.796 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:170416] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:170444]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-13T02:47:06.951 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-13T02:47:06.952 Job Notification: New process added to job (170512) 2026-02-13T02:47:06.954 Job Notification: New process added to job (170524) 2026-02-13T02:47:06.963 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:170512] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:170524]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-13T02:47:07.254 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-13T02:47:07.254 [RTP] Duplicating the current plugin configuration object... 2026-02-13T02:47:07.254 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-13T02:47:07.254 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-13T02:47:07.254 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-13T02:47:07.254 [RTP] No config change detected. Not updating plugin configuration. 2026-02-13T02:47:07.254 [RTP] No config changes found. No configuration switch. 2026-02-13T02:47:07.254 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-13T02:47:57.853 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\73E215F5-15D5-4A10-BB11-17C88B5B8D81298c4.1dc9c9326e9b2d7 2026-02-13T02:47:58.110 Verifying engine and signature files (source: 0) ... 2026-02-13T02:47:58.110 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpengine.dll] due to PPL. 2026-02-13T02:47:58.111 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpasbase.vdm] (file in cache) 2026-02-13T02:47:58.111 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-13T02:47:58.176 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpasdlta.vdm] 2026-02-13T02:47:58.177 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpavbase.vdm] (file in cache) 2026-02-13T02:47:58.177 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-13T02:47:58.182 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpavdlta.vdm] 2026-02-13T02:47:58.387 [Engine] IsHybridMode: 0 2026-02-13T02:47:58.402 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-13T02:47:58.553 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-B4C1F3F046CBE458EB50BC0865C788B3C4037AA2.bin): 0x00000002 2026-02-13T02:47:58.555 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-B4C1F3F046CBE458EB50BC0865C788B3C4037AA2.bin) 2026-02-13T02:47:58.555 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-13T02:47:58.555 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-13T02:47:58.555 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-13T02:47:58.555 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-13T02:49:13.525 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-13T02:49:13.564 [AutoExclusion] Applied roles from cache. 2026-02-13T02:49:13.564 [AutoExclusion] Started roles monitoring. IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpFC_SupportThreatActionDetectionOnly new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-13T02:49:14.050 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB78C6E190, lRefCount: 5, hr=0 2026-02-13T02:49:14.061 [Engine] New active engine 00007FFB77BDE190 replacing engine 00007FFB78C6E190. Number of active engines: 2 2026-02-13T02:49:14.298 EngineInit:Global ASOC is enabled 2026-02-13T02:49:14.298 EngineInit:ASOO is enabled for developer volumes 2026-02-13T02:49:16.062 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.063 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-13T02:49:16.403 MpWriteUupSignatureVersion 1.445.20.0, hr = 0 2026-02-13T02:49:16.404 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-13T02:49:16.515 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-13T02:49:16.516 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-13T02:49:16.516 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-13T02:49:16.516 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-13T02:49:16.537 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-13T02:49:16.537 [Plugin] Initializing RTP plugin state... 2026-02-13T02:49:16.537 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-13T02:49:16.537 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C} 2026-02-13T02:49:16.538 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97}\mpasbase.vdm in use, hr=0x80070020 2026-02-13T02:49:16.539 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.539 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.539 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.539 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.539 MdCoreSvc is supported in this platform and OS 2026-02-13T02:49:16.550 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎12‎-‎2026 05:50:50 Last Perf:‎02‎-‎12‎-‎2026 05:50:50 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,3,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,1,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:21464 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:2436 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:172229819 TotalHits:0 InstanceCacheInserts:3265 InstanceCacheUpdates:0 InstanceCacheDeletes:2189 InstanceCacheHits:597 InstanceCacheMisses:214907 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-13T02:49:16.553 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-13-2026 02:49:16 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-13-2026 02:49:16 2026-02-13T02:49:16.693 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-13T02:49:16.695 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-13T02:49:16.695 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-13T02:49:16.695 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-13T02:49:16.696 [NRI] Stopping NIS service ... 2026-02-13T02:49:16.697 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.697 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.697 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.697 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-13T02:49:16.697 MdCoreSvc is supported in this platform and OS 2026-02-13T02:49:16.843 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-13T02:49:16.843 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-13T02:49:16.843 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-13T02:49:16.843 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-13T02:49:16.843 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-13T02:49:16.907 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-13T02:49:16.907 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-13T02:49:16.907 [KSL] Leaving CKSLEngine::EnableKsl(0). Signature updated on 02-13-2026 02:49:17 Product Version: 4.18.26010.5 Service Version: 4.18.26010.5 Engine Version: 1.1.26010.1 AS Signature Version: 1.445.20.0 AV Signature Version: 1.445.20.0 ************************************************************ 2026-02-13T02:49:17.028 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-13T02:49:17.028 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\73E215F5-15D5-4A10-BB11-17C88B5B8D81298c4.1dc9c9326e9b2d7 2026-02-13T02:49:17.030 Process scan (postsignatureupdatescan) started. 2026-02-13T02:49:17.977 [Engine] Engine 00007FFB78C6E190 no longer in use. Number of active engines: 1 2026-02-13T02:49:17.977 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt Signature updated via MicrosoftUpdateServer on 02-13-2026 02:49:18 ************************************************************ 2026-02-13T02:49:18.927 Job Notification: Process exited from job (170416) 2026-02-13T02:49:18.928 Job Notification: Process exited from job (170444) 2026-02-13T02:49:18.949 Job Notification: Process exited from job (170512) 2026-02-13T02:49:18.950 Job Notification: Process exited from job (170524) 2026-02-13T02:49:34.435 [Engine] RSIG_UNLOADENGINE, 00007FFB78C6E190, err=0x0 2026-02-13T02:49:34.540 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C6EC172-B984-49BF-A60E-6D25E085BB97} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 2026-02-13T02:50:32.124 Process scan (postsignatureupdatescan) completed. 2026-02-13T02:51:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T02:54:14.333 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-13T03:06:06.734 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T03:21:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T03:36:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T03:51:21.720 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T04:06:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T04:21:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T04:36:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T04:51:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T05:06:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T05:21:51.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T05:36:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T05:52:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T06:07:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T06:22:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T06:37:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T06:52:21.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T07:07:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T07:22:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T07:37:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T07:52:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T08:07:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T08:22:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T08:31:39.500 [AutoPurge] Verification Routine tasks have started.ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-13T08:31:41.095 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-13T08:31:41.106 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-13T08:31:41.118 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-13T08:31:41.184 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-13T08:31:41.210 [AutoPurge] Removing expired default signature package ... 2026-02-13T08:31:43.133 Job Notification: New process added to job (182448) 2026-02-13T08:31:54.715 Job Notification: Process exited from job (182448) 2026-02-13T08:31:55.520 [AutoPurge] Verification Routine tasks have ended. 2026-02-13T08:37:07.261 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-13T08:37:07.425 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-13T08:37:07.551 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-13T08:37:07.551 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-13T08:37:07.551 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-13T08:37:07.670 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-13T08:37:07.670 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-13T08:37:07.703 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-13T08:37:07.740 [NRI] Stopping NIS service ... 2026-02-13T08:37:07.741 [NRI] Stopping NIS service ... 2026-02-13T08:37:07.741 [NRI] Stopping NIS service ... 2026-02-13T08:37:07.742 [NRI] Stopping NIS service ... 2026-02-13T08:37:07.743 [NRI] Stopping NIS service ... 2026-02-13T08:37:07.759 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-13T08:37:07.759 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-13T08:37:07.759 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-13T08:37:07.791 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-13T08:37:07.791 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-13T08:37:07.792 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-13T08:37:09.930 [RTP] Duplicating the current plugin configuration object... 2026-02-13T08:37:09.930 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-13T08:37:09.930 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-13T08:37:09.930 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-13T08:37:09.930 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-13T08:37:09.974 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-13T08:37:56.712 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T08:53:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T09:08:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T09:08:57.551 [AutoPurge] Routine task for Cache Maintenance has started. 2026-02-13T09:08:57.680 [AutoPurge] Cleanup Routine tasks have started. 2026-02-13T09:08:57.692 [AutoPurge] Routine task for Cache Maintenance ... 2026-02-13T09:08:58.254 [AutoPurge] Routine task for MpSFCBuild ... 2026-02-13T09:08:58.254 [AutoPurge] MpCmIsBuildCompleted() - S_OK 2026-02-13T09:08:58.254 [AutoPurge] MpSignalMaintenanceMode ... 2026-02-13T09:09:04.407 Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) 2026-02-13T09:09:05.165 [AutoPurge] Purged 0 expired detection item(s) from a total of 0. 2026-02-13T09:09:05.194 [AutoPurge] 0 expired file(s) deleted under C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store (total: 0, expiration in 86400 seconds) Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:65538 Start time:02-13-2026 09:09:05 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-13-2026 09:09:06 2026-02-13T09:09:07.627 [PlatUpd] Purging orphaned platform update directories under C:\ProgramData\Microsoft\Windows Defender\Platform ... 2026-02-13T09:09:07.627 [PlatUpd] Not purging current location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0 ... 2026-02-13T09:09:07.627 [PlatUpd] Not purging backup location C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0 ... 2026-02-13T09:09:07.628 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.5-0 ... 2026-02-13T09:09:09.184 Created on demand scan context for ScanType:1. ScanTrigger:55, ScanId:5CA43794-F017-4FC2-A45B-193D5839DA9B, Source: MPSOURCE_SYSTEM(2), EngineSource: MP_SCANSOURCE_SCHEDULED(1) 2026-02-13T09:09:09.185 Scheduled scan with Id 5CA43794-F017-4FC2-A45B-193D5839DA9B configured CPU priority: normal (LowCpuPriority: 0) 2026-02-13T09:09:09.289 [SFC] MpCmIsBuildPermissible(1) returns S_OK. Start SFC build. 2026-02-13T09:09:09.289 [SFC] System file cache build is not needed (already completed) 2026-02-13T09:09:10.163 [PlatUpd] Deleting orphaned platform update directory C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25100.9008-0 ... 2026-02-13T09:09:12.870 [PlatUpd] Purging orphaned platform update directories under C:\Program Files\Windows Defender\Platform ... 2026-02-13T09:09:12.946 [AutoPurge] Cleanup Routine tasks have ended. 2026-02-13T09:09:20.039 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll", hr=0x0 2026-02-13T09:09:20.476 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\pt-br\memtest.exe.mui", hr=0x0 2026-02-13T09:09:21.715 Engine:Setting original file name "rasapi32.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.rasapi32.dll.01dc9a324c60ac5f.0058", hr=0x0 2026-02-13T09:09:24.079 Engine:Setting original file name "sdclient.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.sdclient.dll.01dc9a324f17aa1a.0063", hr=0x0 2026-02-13T09:09:36.090 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_sv-se_1b4fcd368d229221\memtest.exe.mui", hr=0x0 2026-02-13T09:10:02.420 Engine:Setting original file name "MSIDENT.DLL.MUI" for "c:\windows\system32\en-us\msidntld.dll.mui", hr=0x0 2026-02-13T09:10:06.726 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll", hr=0x0 2026-02-13T09:10:10.456 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.services.winmd", hr=0x0 2026-02-13T09:10:38.051 Engine:Setting original file name "WIADSS DLL" for "c:\windows\syswow64\en-us\wiadss.dll.mui", hr=0x0 2026-02-13T09:10:42.393 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\fi-fi\memtest.exe.mui", hr=0x0 2026-02-13T09:11:01.624 Engine:Setting original file name ""MTF.DYNLINK"" for "c:\windows\system32\mtf.dll", hr=0x0 2026-02-13T09:11:16.642 Engine:Setting original file name "outllibr.dll" for "c:\program files\microsoft office\root\office16\outllibr.common.dll", hr=0x0 2026-02-13T09:11:36.089 Engine:Setting original file name "rasadhlp.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.rasadhlp.dll.01dc9a32254db86d.000b", hr=0x0 2026-02-13T09:11:56.792 Engine:Setting original file name "Audio_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_07405ada24951d3a\diagpackage.dll.mui", hr=0x0 2026-02-13T09:11:58.353 Engine:Setting original file name "ir41_32.ax.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..o4-codecs.resources_31bf3856ad364e35_10.0.17763.1_en-us_92a66f78f66fddfc\ir41_32original.dll.mui", hr=0x0 2026-02-13T09:11:58.779 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\acroiefavclient.dll", hr=0x0 2026-02-13T09:12:13.337 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\syswow64\ddores.dll", hr=0x0 2026-02-13T09:12:22.167 Engine:Setting original file name "SharedPC.CredentialProvider.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-s..lprovider.resources_31bf3856ad364e35_10.0.17763.1_en-us_dee4accf766e94d4\windows.sharedpc.credentialprovider.dll.mui", hr=0x0 2026-02-13T09:12:22.826 Engine:Setting original file name "AppSharingChromeHookController.exe" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\appsharinghookcontroller.exe", hr=0x0 2026-02-13T09:12:26.719 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\syswow64\msvcr100.dll", hr=0x0 2026-02-13T09:12:28.825 Engine:Setting original file name "RasCredProv" for "c:\windows\winsxs\wow64_microsoft-windows-rasplap-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_8b7b75796fafa195\rasplap.dll.mui", hr=0x0 2026-02-13T09:12:32.199 Engine:Setting original file name "WMIC.exe" for "c:\windows\system32\wbem\wmic.exe", hr=0x0 2026-02-13T09:12:33.124 Engine:Setting original file name "tquery.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.tquery.dll.01dc9a3253073894.0070", hr=0x0 2026-02-13T09:12:40.363 Engine:Setting original file name "sqmapi.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.sqmapi.dll.01dc9a325152e385.006b", hr=0x0 2026-02-13T09:12:41.289 Engine:Setting original file name "ntdsai.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ntdsai.dll.01dc9a324b5cc2f6.0052", hr=0x0 2026-02-13T09:12:42.980 Engine:Setting original file name "schannel.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.schannel.dll.01dc9a324ee3b84d.0062", hr=0x0 2026-02-13T09:12:58.747 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-security-base-l1-1-0.dll", hr=0x0 2026-02-13T09:13:20.475 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-realtime-l1-1-0.dll", hr=0x0 2026-02-13T09:13:21.217 Engine:Setting original file name "aero.msstyles" for "c:\windows\resources\themes\aero\aerolite.msstyles", hr=0x0 2026-02-13T09:13:21.631 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\de-de\memtest.exe.mui", hr=0x0 2026-02-13T09:13:22.677 Engine:Setting original file name "mssprxy.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.mssprxy.dll.01dc9a3249d4ee58.0047", hr=0x0 2026-02-13T09:13:26.900 Engine:Setting original file name "WLRMNDR.EXE" for "c:\windows\winsxs\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.17763.1697_none_e1e870c05edca249\wlrmdr.exe", hr=0x0 2026-02-13T09:13:34.361 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\system32\boot\en-us\winresume.efi.mui", hr=0x0 2026-02-13T09:13:40.481 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\de-de\memtest.efi.mui", hr=0x0 2026-02-13T09:13:43.028 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-lsapolicy-l1-1-0.dll", hr=0x0 2026-02-13T09:13:44.459 Engine:Setting original file name "dcficons.exe" for "c:\program files\microsoft office\root\vfs\windows\installer\{90160000-000f-0000-1000-0000000ff1ce}\dbcicons.exe", hr=0x0 2026-02-13T09:13:45.750 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.7919_none_a90e016670d2a7af\licensingwinrt.dll", hr=0x0 2026-02-13T09:13:46.587 Engine:Setting original file name "msvcrt.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.msvcrt.dll.01dc9a326bfc2ab1.00b3", hr=0x0 2026-02-13T09:13:50.390 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-comm-l1-1-0.dll", hr=0x0 2026-02-13T09:13:56.214 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\x86_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_71a956c570486d6b\microsoft.jscript.tlb", hr=0x0 2026-02-13T09:13:56.590 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\chrmstp.exe", hr=0x0 2026-02-13T09:14:06.223 Engine:Setting original file name "PresentationNative" for "c:\manager\licence\bin\presentationnative_cor3.dll", hr=0x0 2026-02-13T09:14:09.862 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dplaysvr.exe", hr=0x0 2026-02-13T09:14:11.059 Engine:Setting original file name "lhdfrgui.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-d..g-adminui.resources_31bf3856ad364e35_10.0.17763.1_en-us_a91c08b0bd0d09ea\dfrgui.exe.mui", hr=0x0 2026-02-13T09:14:11.512 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.media.winmd", hr=0x0 2026-02-13T09:14:13.012 Engine:Setting original file name "msfltr32.acm" for "c:\windows\system32\msacm32.dll", hr=0x0 2026-02-13T09:14:19.211 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-13T09:14:19.362 Engine:Setting original file name "WINTRUST.DLL" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.wintrust.dll.01dc9a3258231f5e.0089", hr=0x0 2026-02-13T09:14:25.461 Engine:Setting original file name "gdi32" for "c:\windows\winsxs\wow64_microsoft-windows-gdi32full_31bf3856ad364e35_10.0.17763.7919_none_ad8c806d2da42f76\gdi32full.dll", hr=0x0 2026-02-13T09:14:36.472 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-private-l1-1-0.dll", hr=0x0 2026-02-13T09:15:03.707 Engine:Setting original file name "setup" for "c:\users\administrator\downloads\programs\python-3.12.1-amd64.exe", hr=0x0 2026-02-13T09:15:13.946 Engine:Setting original file name "dpmodemx.dll" for "c:\windows\syswow64\dpnaddr.dll", hr=0x0 Internal signature match:subtype=Lowfi, sigseq=0x00001080BD474309, sigsha=12dcaa1fa061982b60965c79a12b1fa9857cd220, cached=false, source=0, resourceid=0x47515790 2026-02-13T09:15:15.657 Engine:Setting original file name "ws2_32.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ws2_32.dll.01dc9a3273d5cb4e.00c5", hr=0x0 Internal signature match:subtype=Lowfi, sigseq=0x000010806C1FBEBC, sigsha=62d527f22a73e99676b1b698fda24d54631bc5e6, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x000010807F33016C, sigsha=3969d92ccecc920f2b38c26959c245b73df4cddd, cached=false, source=0, resourceid=0x47515790 Internal signature match:subtype=Lowfi, sigseq=0x00001080DCA721BD, sigsha=13bf421faa34d3dab1e680e23c46d4dcb5ca3d0a, cached=false, source=0, resourceid=0x47515790 2026-02-13T09:15:23.398 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-13T09:15:25.272 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.perception.winmd", hr=0x0 2026-02-13T09:15:29.909 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-13T09:15:31.013 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.security.winmd", hr=0x0 2026-02-13T09:15:32.186 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_10.0.17763.8024_none_f9585f663982f226\rasmigplugin.dll", hr=0x0 2026-02-13T09:15:35.745 Engine:Setting original file name "osloader.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winload.exe", hr=0x0 2026-02-13T09:15:46.308 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-13T09:15:51.005 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-13T09:15:51.122 Engine:Setting original file name "Video_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\video\en-us\diagpackage.dll.mui", hr=0x0 2026-02-13T09:15:54.355 Engine:Setting original file name "ntdll.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ntdll.dll.01dc9a3224e430fe.0009", hr=0x0 2026-02-13T09:16:09.249 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-13T09:16:20.367 Engine:Setting original file name "WEXTRACT.EXE .MUI" for "c:\windows\winsxs\amd64_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_11.0.17763.1_en-us_483cea70e7d68328\wextract.exe.mui", hr=0x0 2026-02-13T09:16:28.629 Engine:Setting original file name "msdxm.ocx" for "c:\windows\system32\dxmasf.dll", hr=0x0 2026-02-13T09:16:30.436 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-heap-l1-1-0.dll", hr=0x0 2026-02-13T09:16:33.602 Engine:Setting original file name "UccApp.dll" for "c:\program files\microsoft office\root\office16\uccapi.dll", hr=0x0 2026-02-13T09:16:43.777 Engine:Setting original file name "unpnhost.dll.mui" for "c:\windows\system32\en-us\upnphost.dll.mui", hr=0x0 2026-02-13T09:16:47.563 Engine:Setting original file name "mp4sdmod.dll" for "c:\windows\winsxs\amd64_microsoft-windows-mp4sdecd_31bf3856ad364e35_10.0.17763.7919_none_5c34cb3f3f29a7ed\mp4sdecd.dll", hr=0x0 2026-02-13T09:16:58.262 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\amd64_netfx4-scripting_engine_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_28bfff5fa28f873e\microsoft.jscript.tlb", hr=0x0 2026-02-13T09:17:14.384 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver\mscordaccore_amd64_amd64_8.0.624.26715.dll", hr=0x0 2026-02-13T09:17:17.389 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (3)\setup.exe", hr=0x0 2026-02-13T09:17:18.500 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-13T09:17:27.667 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-eventing-legacy-l1-1-0.dll", hr=0x0 2026-02-13T09:18:02.461 Engine:Setting original file name "audioepb.dll.mui" for "c:\windows\system32\en-us\audioendpointbuilder.dll.mui", hr=0x0 2026-02-13T09:18:03.272 Engine:Setting original file name "ImagingDevices.cpl.mui" for "c:\windows\winsxs\x86_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_10.0.17763.1_en-us_6bdc508f71f0f023\imagingdevices.exe.mui", hr=0x0 2026-02-13T09:18:09.303 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-13T09:18:18.663 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\penchs.dll", hr=0x0 2026-02-13T09:18:21.567 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll", hr=0x0 2026-02-13T09:18:23.850 Engine:Setting original file name "MSVidCtl" for "c:\windows\system32\en-us\msvidctl.dll.mui", hr=0x0 2026-02-13T09:18:24.924 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_10.0.17763.1_none_f5d0a7ecc59d9f58\sbs_system.enterpriseservices.dll", hr=0x0 2026-02-13T09:18:25.754 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.media.winmd", hr=0x0 2026-02-13T09:18:28.685 Engine:Setting original file name "TARGET_NAME.dll" for "c:\program files\microsoft office\root\office16\cpprestsdk.dll", hr=0x0 2026-02-13T09:18:31.701 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-13T09:18:41.813 Engine:Setting original file name "powershell.exe" for "c:\windows\system32\windowspowershell\v1.0\powershell.exe", hr=0x0 2026-02-13T09:18:54.453 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-classicprovider-l1-1-0.dll", hr=0x0 2026-02-13T09:19:00.883 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-registry-l2-1-0.dll", hr=0x0 2026-02-13T09:19:02.488 Engine:Setting original file name "SensorsPerformanceEvents.dll.mui" for "c:\windows\system32\en-us\sensorperformanceevents.dll.mui", hr=0x0 2026-02-13T09:19:04.571 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll", hr=0x0 2026-02-13T09:19:05.157 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-13T09:19:06.640 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-core-file-l2-1-0.dll", hr=0x0 2026-02-13T09:19:14.034 Engine:Setting original file name "LODCTR.DLL.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-p..xecutable.resources_31bf3856ad364e35_10.0.17763.1_en-us_5a008fb4bc58faa4\loadperf.dll.mui", hr=0x0 2026-02-13T09:19:24.919 Engine:Setting original file name "empty" for "c:\manager\licence\bin\clrcompression.dll", hr=0x0 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0xc8ebb48e 2026-02-13T09:19:35.176 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-13T09:19:38.199 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-fibers-l1-1-0.dll", hr=0x0 2026-02-13T09:19:47.556 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\system32\aitstatic.exe", hr=0x0 2026-02-13T09:20:10.791 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-io-l1-1-0.dll", hr=0x0 2026-02-13T09:20:17.723 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\winsxs\amd64_netfx-mscoree_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_57db62d5ffb05363\mscoree.tlb", hr=0x0 2026-02-13T09:20:19.135 Engine:Setting original file name "setup" for "c:\programdata\package cache\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}\vc_redist.x86.exe", hr=0x0 2026-02-13T09:20:19.567 Engine:Setting original file name "System.EnterpriseServices.dll" for "c:\windows\winsxs\amd64_netfx4-system_enterpriseservices_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_18a048c882317d25\system.enterpriseservices.tlb", hr=0x0 2026-02-13T09:20:24.255 Engine:Setting original file name "targetmgr" for "c:\windows\winsxs\amd64_microsoft-windows-f..targetmgr.resources_31bf3856ad364e35_10.0.17763.1_en-us_61e66740e8f216f5\targetmgr.exe.mui", hr=0x0 2026-02-13T09:20:28.512 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-c..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_c8bf93a1ea0d4b2f\api-ms-win-core-com-l1-1-0.dll", hr=0x0 2026-02-13T09:20:33.324 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\it-it\memtest.efi.mui", hr=0x0 2026-02-13T09:20:35.671 Engine:Setting original file name "KMDDSP.TSP.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_10.0.17763.1_en-us_4edd7b2b0dcac8a6_kmddsp.tsp.mui_80ddeedb", hr=0x0 2026-02-13T09:20:41.120 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.devices.winmd", hr=0x0 2026-02-13T09:20:42.850 Engine:Setting original file name "BCP47Lang.dll" for "c:\windows\system32\bcp47langs.dll", hr=0x0 2026-02-13T09:20:46.141 Engine:Setting original file name "offreg.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.offreg.dll.01dc9a324ba27e60.0054", hr=0x0 2026-02-13T09:20:57.028 Engine:Setting original file name "HeidiSQL" for "c:\program files (x86)\common files\mariadbshared\heidisql\heidisql.exe", hr=0x0 2026-02-13T09:21:08.519 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\git-gui.exe", hr=0x0 2026-02-13T09:21:16.313 Engine:Setting original file name "Windows.Internal.ShellCommon.DevicePairingExperienceMEM.dll.MUI" for "c:\windows\system32\en-us\devicepairingexperiencemem.dll.mui", hr=0x0 2026-02-13T09:21:16.626 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\amd64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_63d22ab5fb511110\winsqlite3.dll", hr=0x0 2026-02-13T09:21:24.941 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\microsoft.net\framework\v2.0.50727\system.drawing.tlb", hr=0x0 2026-02-13T09:21:39.305 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\zh-tw\msprivs.dll.mui", hr=0x0 2026-02-13T09:21:57.015 Engine:Setting original file name "bootres" for "c:\windows\winsxs\amd64_microsoft-windows-bootres.resources_31bf3856ad364e35_10.0.17763.1_en-us_d28b5274aecae1e5\bootres.dll.mui", hr=0x0 2026-02-13T09:22:08.824 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.storage.winmd", hr=0x0 2026-02-13T09:22:14.850 Engine:Setting original file name "winsqlite3" for "c:\windows\syswow64\winsqlite3.dll", hr=0x0 2026-02-13T09:22:18.841 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\zh-cn\memtest.efi.mui", hr=0x0 2026-02-13T09:22:18.963 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-timezone-l1-1-0.dll", hr=0x0 2026-02-13T09:22:20.551 Engine:Setting original file name "winsqlite3" for "c:\windows\system32\winsqlite3.dll", hr=0x0 2026-02-13T09:22:28.405 Engine:Setting original file name "DeviceCategories.dll" for "c:\windows\system32\ddores.dll", hr=0x0 2026-02-13T09:22:30.251 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-url-l1-1-0.dll", hr=0x0 2026-02-13T09:22:30.343 Engine:Setting original file name "PSAPI" for "c:\windows\syswow64\psapi.dll", hr=0x0 2026-02-13T09:22:31.590 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-13T09:22:41.417 Engine:Setting original file name "shimconsole.exe" for "c:\program files\common files\oracle\java\javapath_target_1206494656\java.exe", hr=0x0 2026-02-13T09:22:44.373 Engine:Setting original file name "cdd.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.cdd.dll.01dc9a3223e4811d.0001", hr=0x0 2026-02-13T09:22:45.632 Engine:Setting original file name "rsaenh.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.rsaenh.dll.01dc9a324e73b796.0061", hr=0x0 2026-02-13T09:22:52.016 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-xstate-l2-1-0.dll", hr=0x0 2026-02-13T09:23:10.347 Engine:Setting original file name "sens.dll.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-sens-service.resources_31bf3856ad364e35_10.0.17763.1_en-us_0607cde57a2ea2cc_sens.dll.mui_64739194", hr=0x0 2026-02-13T09:23:11.749 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T09:23:13.721 Engine:Setting original file name "bootstr.exe.mui" for "c:\windows\system32\en-us\bootstr.dll.mui", hr=0x0 2026-02-13T09:23:21.744 Engine:Setting original file name "rpcrt4.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.rpcrt4.dll.01dc9a326e9928d7.00b7", hr=0x0 2026-02-13T09:23:22.267 Engine:Setting original file name "msvcrt.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.msvcrt.dll.01dc9a324a8e9944.004c", hr=0x0 2026-02-13T09:23:32.199 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavstub.dll", hr=0x0 2026-02-13T09:23:32.864 Engine:Setting original file name "nbtinfo.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-nbtstat.resources_31bf3856ad364e35_10.0.17763.1_en-us_ac36a91c73bfce21\nbtstat.exe.mui", hr=0x0 2026-02-13T09:23:34.132 Engine:Setting original file name "NearByShareExperience.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..xperience.resources_31bf3856ad364e35_10.0.17763.1_en-us_eca21517d6d5f82e\microsoft-windows-internal-shell-nearshareexperience.dll.mui", hr=0x0 2026-02-13T09:23:48.183 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll", hr=0x0 2026-02-13T09:23:49.171 Engine:Setting original file name "WinTypes.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.wintypes.dll.01dc9a3258490c92.008a", hr=0x0 2026-02-13T09:23:53.590 Engine:Setting original file name ""mshwLatin.dll".mui" for "c:\program files (x86)\common files\microsoft shared\ink\en-us\mshwlatin.dll.mui", hr=0x0 2026-02-13T09:24:00.793 Engine:Setting original file name "lsass.exe" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.lsass.exe.01dc9a3224a47903.0006", hr=0x0 2026-02-13T09:24:06.765 Engine:Setting original file name "WindowsSpeakerReco.dll" for "c:\program files\microsoft office\root\office16\windowsspeakerrecosdk.dll", hr=0x0 2026-02-13T09:24:07.301 Engine:Setting original file name "WIADSS DLL" for "c:\windows\winsxs\amd64_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.17763.1_en-us_42a2f01362154e35\wiadss.dll.mui", hr=0x0 2026-02-13T09:24:08.269 Engine:Setting original file name "WerMgr" for "c:\windows\system32\wermgr.exe", hr=0x0 2026-02-13T09:24:09.961 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll", hr=0x0 2026-02-13T09:24:12.599 Engine:Setting original file name "ScreenMagnifier.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.17763.1_en-us_e652eaab44cc724a\magnify.exe.mui", hr=0x0 2026-02-13T09:24:14.710 Engine:Setting original file name "Win32u.DLL" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.win32u.dll.01dc9a3255f5c8c8.007f", hr=0x0 2026-02-13T09:24:17.492 Engine:Setting original file name "MMFUtil.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\mmfutil.dll.mui", hr=0x0 2026-02-13T09:24:17.998 Engine:Setting original file name "ntdll.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ntdll.dll.01dc9a322b3da1b6.0020", hr=0x0 2026-02-13T09:24:47.755 Engine:Triggered AR EMS scan 2026-02-13T09:24:48.050 Engine:EMS scan for process: lsass pid: 752, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:49.081 Engine:Setting original file name "LicensingWinRuntime.dll" for "c:\windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.17763.8276_none_a95ff8d470942c66\licensingwinrt.dll", hr=0x0 2026-02-13T09:24:50.308 Engine:EMS scan for process: svchost pid: 960, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:50.509 Engine:EMS scan for process: svchost pid: 984, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:51.330 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\x86_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_6321be2e49b57bc1\dcgpofix.exe.mui", hr=0x0 2026-02-13T09:24:52.104 Engine:EMS scan for process: svchost pid: 68, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:52.285 Engine:EMS scan for process: svchost pid: 8, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:52.609 Engine:EMS scan for process: svchost pid: 880, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.122 Engine:EMS scan for process: svchost pid: 1112, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.584 Engine:EMS scan for process: svchost pid: 1164, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.586 Engine:EMS scan for process: svchost pid: 1308, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.587 Engine:EMS scan for process: svchost pid: 1316, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.590 Engine:EMS scan for process: svchost pid: 1324, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.725 Engine:EMS scan for process: svchost pid: 1392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.727 Engine:EMS scan for process: svchost pid: 1440, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.728 Engine:EMS scan for process: svchost pid: 1484, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:54.729 Engine:EMS scan for process: svchost pid: 1588, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.069 Engine:EMS scan for process: svchost pid: 1644, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.285 Engine:EMS scan for process: svchost pid: 1672, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.304 Engine:EMS scan for process: svchost pid: 1716, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.564 Engine:EMS scan for process: svchost pid: 1724, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.653 Engine:EMS scan for process: svchost pid: 1732, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.655 Engine:EMS scan for process: svchost pid: 1812, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.894 Engine:EMS scan for process: svchost pid: 1860, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:55.938 Engine:EMS scan for process: svchost pid: 1916, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:56.508 Engine:EMS scan for process: svchost pid: 1988, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:56.510 Engine:EMS scan for process: svchost pid: 1380, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:57.521 Engine:EMS scan for process: svchost pid: 1704, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:57.606 Engine:EMS scan for process: svchost pid: 2072, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:57.886 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\qps-ploc\memtest.efi.mui", hr=0x0 2026-02-13T09:24:57.916 Engine:EMS scan for process: svchost pid: 2080, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:57.950 Engine:EMS scan for process: svchost pid: 2312, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:58.594 Engine:EMS scan for process: svchost pid: 2356, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:58.854 Engine:EMS scan for process: svchost pid: 2484, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:59.347 Engine:EMS scan for process: svchost pid: 2692, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:24:59.790 Engine:EMS scan for process: svchost pid: 2764, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:00.120 Engine:EMS scan for process: svchost pid: 2820, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:00.337 Engine:EMS scan for process: svchost pid: 2872, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:00.743 Engine:EMS scan for process: svchost pid: 3412, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:00.986 Engine:EMS scan for process: svchost pid: 3452, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:01.135 Engine:EMS scan for process: svchost pid: 3664, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:01.300 Engine:EMS scan for process: svchost pid: 3704, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:01.309 Engine:EMS scan for process: svchost pid: 3712, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:01.648 Engine:EMS scan for process: services pid: 3856, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:04.575 Engine:EMS scan for process: svchost pid: 3864, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.119 Engine:EMS scan for process: svchost pid: 3880, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.184 Engine:EMS scan for process: svchost pid: 3888, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.218 Engine:EMS scan for process: svchost pid: 3896, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.219 Engine:EMS scan for process: svchost pid: 3904, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.274 Engine:EMS scan for process: svchost pid: 3912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.275 Engine:EMS scan for process: svchost pid: 3920, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.379 Engine:EMS scan for process: svchost pid: 3932, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.384 Engine:EMS scan for process: svchost pid: 4092, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.428 Engine:EMS scan for process: svchost pid: 4184, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.699 Engine:EMS scan for process: svchost pid: 4376, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:07.777 Engine:EMS scan for process: svchost pid: 5036, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:08.556 Engine:EMS scan for process: svchost pid: 5180, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:08.639 Engine:EMS scan for process: dllhost pid: 6112, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:08.641 Engine:EMS scan for process: svchost pid: 4436, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:09.098 Engine:EMS scan for process: svchost pid: 4364, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:09.760 Engine:EMS scan for process: svchost pid: 1048, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.066 Engine:EMS scan for process: svchost pid: 4656, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.338 Engine:EMS scan for process: svchost pid: 4400, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.386 Engine:EMS scan for process: svchost pid: 4312, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.490 Engine:EMS scan for process: svchost pid: 5284, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.570 Engine:EMS scan for process: svchost pid: 7100, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.738 Engine:EMS scan for process: svchost pid: 11392, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.755 Engine:EMS scan for process: svchost pid: 10876, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:10.759 Engine:EMS scan for process: svchost pid: 12816, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:11.166 Engine:EMS scan for process: svchost pid: 13556, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:11.200 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\fi-fi\memtest.efi.mui", hr=0x0 2026-02-13T09:25:11.226 Engine:EMS scan for process: svchost pid: 13620, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:11.228 Engine:EMS scan for process: svchost pid: 14888, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:11.230 Engine:EMS scan for process: svchost pid: 72116, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:11.232 Engine:EMS scan for process: svchost pid: 14820, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:11.234 Engine:EMS scan for process: explorer pid: 83872, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:18.478 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-localization-l1-2-0.dll", hr=0x0 2026-02-13T09:25:20.492 Engine:Setting original file name "gdiplus.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.gdiplus.dll.01dc9a3244ca2198.0039", hr=0x0 2026-02-13T09:25:20.645 Engine:EMS scan for process: svchost pid: 111836, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:21.033 Engine:EMS scan for process: svchost pid: 178912, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:21.092 Engine:EMS scan for process: svchost pid: 4196, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:21.311 Engine:EMS scan for process: svchost pid: 183268, sigseq: 0x0, sendMemoryScanReport: 0, source: 1 2026-02-13T09:25:25.869 Engine:Setting original file name "user32" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.user32.dll.01dc9a3271563500.00bf", hr=0x0 2026-02-13T09:25:35.870 Engine:Setting original file name "Windows.StateRepositoryBroker.dll" for "c:\windows\system32\windows.staterepositoryclient.dll", hr=0x0 2026-02-13T09:26:08.786 Engine:Setting original file name "security.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.sspicli.dll.01dc9a322b940e94.0021", hr=0x0 2026-02-13T09:26:18.187 Engine:Setting original file name "hiberrsm.exe" for "c:\windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_10.0.17763.8146_none_a8cce3593e637340\winresume.exe", hr=0x0 2026-02-13T09:26:33.810 Engine:Setting original file name "Microsoft® Windows® Operating System" for "c:\windows\winsxs\amd64_microsoft-windows-a..on-logger.resources_31bf3856ad364e35_10.0.17763.1_en-us_8a5e32c180625499\aeevts.dll.mui", hr=0x0 2026-02-13T09:26:52.822 Engine:Setting original file name "WinCsFlags.dll" for "c:\windows\system32\wincsflags.exe", hr=0x0 2026-02-13T09:26:53.258 Engine:Setting original file name "clusapi" for "c:\windows\system32\en-us\clusapi.dll.mui", hr=0x0 2026-02-13T09:27:30.292 Engine:Setting original file name "filterLib.dll" for "c:\windows\syswow64\fltlib.dll", hr=0x0 2026-02-13T09:27:48.263 Engine:Setting original file name "user32" for "c:\windows\syswow64\user32.dll", hr=0x0 2026-02-13T09:28:02.888 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 2026-02-13T09:28:08.623 Engine:Setting original file name "gdiplus.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.gdiplus.dll.01dc9a326695aef0.00ab", hr=0x0 2026-02-13T09:28:18.733 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-13T09:28:30.048 Engine:Setting original file name "mpengine.dll" for "c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.lkg", hr=0x0 2026-02-13T09:28:30.545 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-synch-l1-1-0.dll", hr=0x0 2026-02-13T09:28:31.439 Engine:Setting original file name "user32" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.user32.dll.01dc9a32541c9216.0076", hr=0x0 2026-02-13T09:28:31.465 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-13T09:28:47.817 Engine:Setting original file name "sspisrv.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.sspisrv.dll.01dc9a3225cbc04b.000d", hr=0x0 2026-02-13T09:28:51.167 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll", hr=0x0 2026-02-13T09:29:01.154 Engine:Setting original file name "netcfgx.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99\tcpipcfg.dll.mui", hr=0x0 2026-02-13T09:29:08.506 Engine:Setting original file name " " for "c:\program files\microsoft vs code\unins000.exe", hr=0x0 2026-02-13T09:29:09.656 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-13T09:29:12.727 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-13T09:29:14.024 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (2)\setup.exe", hr=0x0 2026-02-13T09:29:17.680 Engine:Setting original file name "MSCOREE.DLL" for "c:\windows\microsoft.net\framework\v4.0.30319\mscoree.tlb", hr=0x0 2026-02-13T09:29:19.354 Engine:Setting original file name "ieframe.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ieframe.dll.01dc9a3245e7ece7.003a", hr=0x0 2026-02-13T09:29:44.083 Engine:Setting original file name "RRASUPG.DLL" for "c:\windows\system32\setup\rasmigplugin.dll", hr=0x0 2026-02-13T09:29:50.018 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\nl-nl\memtest.efi.mui", hr=0x0 2026-02-13T09:29:52.576 Engine:Setting original file name "CertPKICmdlet" for "c:\windows\winsxs\amd64_microsoft.certifica..ts.native.resources_31bf3856ad364e35_10.0.17763.1_en-us_c877ddc9c9d4decb\certpkicmdlet.dll.mui", hr=0x0 2026-02-13T09:29:56.782 Engine:Setting original file name "w32time.dll.mui" for "c:\windows\system32\en-us\w32tm.exe.mui", hr=0x0 2026-02-13T09:30:05.090 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.17763.1_none_fb1eb83d06e1a353\sharedreg12.dll", hr=0x0 2026-02-13T09:30:06.005 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\x86_microsoft-windows-o..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_d5c4712a21f80a67\api-ms-win-shcore-stream-l1-1-0.dll", hr=0x0 2026-02-13T09:30:10.426 Engine:Setting original file name "DWrite" for "c:\windows\system32\en-us\dwrite.dll.mui", hr=0x0 2026-02-13T09:30:20.073 Engine:Setting original file name "XLCALL.DLL" for "c:\program files\microsoft office\root\office16\xlcall32.dll", hr=0x0 2026-02-13T09:30:21.382 Engine:Setting original file name ""EventTracingManagement.dll".mui" for "c:\windows\winsxs\amd64_microsoft-windows-e..2provider.resources_31bf3856ad364e35_10.0.17763.1_en-us_4338e3bad64c10c7\eventtracingmanagement.dll.mui", hr=0x0 2026-02-13T09:30:22.950 Engine:Setting original file name "Windows SDK" for "c:\windows\system32\winmetadata\windows.data.winmd", hr=0x0 2026-02-13T09:30:28.378 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-file-l2-1-1.dll", hr=0x0 2026-02-13T09:30:38.020 Engine:Setting original file name "libssl" for "c:\program files (x86)\internet download manager\libssl.dll", hr=0x0 2026-02-13T09:30:41.022 Engine:Setting original file name "sqlaccess" for "c:\windows\winsxs\amd64_microsoft-windows-wid_31bf3856ad364e35_10.0.17763.1_none_9870f12fb40ec83a\sqlaccess.dll", hr=0x0 2026-02-13T09:30:41.495 Engine:Setting original file name "MFC40.DLL.MUI" for "c:\windows\syswow64\en-us\mfc40u.dll.mui", hr=0x0 2026-02-13T09:30:41.912 Engine:Setting original file name "idmmzcc.dll" for "c:\program files (x86)\internet download manager\idmmzcc7_64.dll", hr=0x0 2026-02-13T09:30:42.070 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-debug-l1-1-1.dll", hr=0x0 2026-02-13T09:30:49.134 Engine:Setting original file name "URLRedirection.dll" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\urlredir.dll", hr=0x0 2026-02-13T09:30:50.477 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\pipres.dll", hr=0x0 2026-02-13T09:30:55.628 Engine:Setting original file name "MSACC9.OLB" for "c:\program files\microsoft office\root\office16\msacc.olb", hr=0x0 2026-02-13T09:31:07.551 Engine:Setting original file name "Apphelp" for "c:\windows\winsxs\backup\wow64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.17763.1_en-us_f342dcde232b0063_apphelp.dll.mui_59096153", hr=0x0 2026-02-13T09:31:09.138 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_6208593b31ff9592\api-ms-win-security-cryptoapi-l1-1-0.dll", hr=0x0 2026-02-13T09:31:12.436 Engine:Setting original file name "imapi.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..egacyshim.resources_31bf3856ad364e35_10.0.17763.1_en-us_143a195f713bf014\imapi.dll.mui", hr=0x0 2026-02-13T09:31:16.067 Engine:Setting original file name "TSSignTool.exe.mui" for "c:\windows\system32\en-us\rdpsign.exe.mui", hr=0x0 2026-02-13T09:31:20.451 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\windows\system32\msvcr100.dll", hr=0x0 2026-02-13T09:31:34.460 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-13T09:31:39.590 Engine:Setting original file name "Microsoft.Vsa.dll" for "c:\windows\microsoft.net\framework64\v2.0.50727\microsoft.vsa.tlb", hr=0x0 2026-02-13T09:31:40.811 Engine:Setting original file name "filterLib.dll.mui" for "c:\windows\system32\en-us\fltlib.dll.mui", hr=0x0 2026-02-13T09:31:43.368 Engine:Setting original file name "WindowsCodecs" for "c:\windows\syswow64\windowscodecs.dll", hr=0x0 2026-02-13T09:31:44.586 Engine:Setting original file name ""TextInputFramework.DYNLINK"" for "c:\windows\system32\textinputframework.dll", hr=0x0 2026-02-13T09:31:45.563 Engine:Setting original file name "rasapi32.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.rasapi32.dll.01dc9a326d298504.00b5", hr=0x0 2026-02-13T09:31:46.477 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-13T09:31:56.979 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-eventing-controller-l1-1-0.dll", hr=0x0 2026-02-13T09:31:58.211 Engine:Setting original file name "PCW_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\pcw\en-us\diagpackage.dll.mui", hr=0x0 2026-02-13T09:32:10.936 Engine:Setting original file name "WUDFHost.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfhost.exe.mui_1fc689ff", hr=0x0 2026-02-13T09:32:12.494 Engine:Setting original file name "git.exe" for "c:\program files\git\cmd\scalar.exe", hr=0x0 2026-02-13T09:32:14.440 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_10.0.17763.1_none_36012ac10d1b059e\sbs_mscorrc.dll", hr=0x0 2026-02-13T09:32:15.628 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\office16\api-ms-win-crt-stdio-l1-1-0.dll", hr=0x0 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xdb500b9d 2026-02-13T09:32:17.611 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-service-management-l1-1-0.dll", hr=0x0 2026-02-13T09:32:20.320 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-delayload-l1-1-0.dll", hr=0x0 2026-02-13T09:32:23.482 Engine:Setting original file name "evcreate.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-eventcreate.resources_31bf3856ad364e35_10.0.17763.1_en-us_093c3fa01f64dd5f\eventcreate.exe.mui", hr=0x0 2026-02-13T09:32:27.619 Engine:Setting original file name "kernel32" for "c:\windows\system32\kernel32.dll", hr=0x0 2026-02-13T09:32:37.271 Engine:Setting original file name "newdev.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.newdev.dll.01dc9a324b3677bf.0051", hr=0x0 2026-02-13T09:32:41.496 Engine:Setting original file name "MSPPT12.OLB" for "c:\program files\microsoft office\root\office16\msppt.olb", hr=0x0 2026-02-13T09:32:45.866 Engine:Setting original file name "MrmCore.dll" for "c:\windows\syswow64\mrmcorer.dll", hr=0x0 2026-02-13T09:32:45.890 Engine:Setting original file name "penusa.dll" for "c:\program files (x86)\common files\microsoft shared\ink\skchobj.dll", hr=0x0 Internal signature match:subtype=Lowfi, sigseq=0x0000AAE7671D16B6, sigsha=3c5f73131fd9b5bec7ddb911a1fa2acc81ec3877, cached=false, source=0, resourceid=0x0e3a6362 2026-02-13T09:32:50.255 Engine:Setting original file name "ikeext.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ikeext.dll.01dc9a3224372cda.0003", hr=0x0 2026-02-13T09:32:52.431 Engine:Setting original file name "CLEANMGR.DLL.MUI" for "c:\windows\system32\en-us\cleanmgr.exe.mui", hr=0x0 2026-02-13T09:32:53.446 Engine:Setting original file name "Android Studio" for "c:\program files\android\android studio\uninstall.exe", hr=0x0 2026-02-13T09:32:56.895 Engine:Setting original file name "ServDeps.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.17763.1_en-us_d3fb56d7d58de414\servdeps.dll.mui", hr=0x0 2026-02-13T09:33:08.927 Engine:Setting original file name "mstlsapi.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.mstlsapi.dll.01db14bd9ab308ac.0001", hr=0x0 2026-02-13T09:33:12.433 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\winsxs\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.17763.8146_none_0b349fc0f8841a16\appventsubsystems32.dll", hr=0x0 2026-02-13T09:33:14.447 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-profile-l1-1-0.dll", hr=0x0 2026-02-13T09:33:24.943 Engine:Setting original file name ".NET Host Policy - 5.0.0" for "c:\manager\licence\bin\hostpolicy.dll", hr=0x0 2026-02-13T09:33:28.845 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-handle-l1-1-0.dll", hr=0x0 2026-02-13T09:33:29.787 Engine:Setting original file name "oledsldp" for "c:\windows\system32\en-us\adsmsext.dll.mui", hr=0x0 2026-02-13T09:33:31.261 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-2.dll", hr=0x0 2026-02-13T09:33:32.762 Engine:Setting original file name "VpnSohDesktop.dll.mui" for "c:\windows\system32\en-us\windows.perception.stub.dll.mui", hr=0x0 2026-02-13T09:33:32.952 Engine:Setting original file name "CertCli" for "c:\windows\system32\en-us\certcli.dll.mui", hr=0x0 2026-02-13T09:33:50.750 Engine:Setting original file name "iccvid.drv.mui" for "c:\windows\syswow64\en-us\iccvid.dll.mui", hr=0x0 2026-02-13T09:33:53.583 Engine:Setting original file name "setup" for "c:\programdata\package cache\{e7a7b1c1-36dd-4cae-bfcb-8bc676ab68c3}\powershell-7.5.4-win-x64.exe", hr=0x0 2026-02-13T09:33:54.096 Engine:Setting original file name "mavinject64.exe" for "c:\windows\system32\mavinject.exe", hr=0x0 2026-02-13T09:33:54.870 Engine:Setting original file name "AppVEntSubsystems.dll" for "c:\windows\winsxs\amd64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.17763.8146_none_00dff56ec423581b\appventsubsystems64.dll", hr=0x0 2026-02-13T09:33:57.858 Engine:Setting original file name "winsqlite3" for "c:\windows\winsxs\wow64_microsoft-windows-winsqlite3_31bf3856ad364e35_10.0.17763.5696_none_6e26d5082fb1d30b\winsqlite3.dll", hr=0x0 2026-02-13T09:34:04.518 Engine:Setting original file name "audioadg.exe.mui" for "c:\windows\system32\en-us\audiodg.exe.mui", hr=0x0 2026-02-13T09:34:05.442 Engine:Setting original file name "Windows SDK" for "c:\windows\winsxs\wow64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.17763.1_none_2c0ccf85946413bd\windows.data.winmd", hr=0x0 2026-02-13T09:34:11.167 Engine:Setting original file name "FX_VER_INTERNALNAME_STR" for "c:\manager\licence\bin\mscorrc.dll", hr=0x0 2026-02-13T09:34:12.865 Engine:Setting original file name "twinui.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.twinui.dll.01dc9a325333b915.0072", hr=0x0 2026-02-13T09:34:15.427 Engine:Setting original file name "tssdjet.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.tssdjet.dll.01dc9a325325aa97.0071", hr=0x0 2026-02-13T09:34:19.285 Engine:Setting original file name "GitHub Desktop" for "c:\users\administrator\appdata\local\githubdesktop\githubdesktop.exe", hr=0x0 2026-02-13T09:34:19.843 Engine:Setting original file name "MSCORLIB.DLL" for "c:\windows\winsxs\x86_netfx4-mscorlib_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_53015c3aad4760ed\mscorlib.tlb", hr=0x0 2026-02-13T09:34:24.506 Engine:Setting original file name "dxmasf.dll" for "c:\windows\syswow64\msdxm.ocx", hr=0x0 2026-02-13T09:34:33.159 Engine:Setting original file name "gprslt.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.17763.1_en-us_84d8c08cfe8bdc4e\gpresult.exe.mui", hr=0x0 2026-02-13T09:34:38.990 Engine:Setting original file name "sechost.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.sechost.dll.01dc9a324fd80c40.0065", hr=0x0 2026-02-13T09:34:39.927 Engine:Setting original file name "SSystemPropertiesProtection.EXE.MUI" for "c:\windows\system32\en-us\systempropertiesprotection.exe.mui", hr=0x0 2026-02-13T09:34:40.257 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-datetime-l1-1-1.dll", hr=0x0 2026-02-13T09:34:46.075 Engine:Setting original file name "apisetstub" for "c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\api-ms-win-crt-filesystem-l1-1-0.dll", hr=0x0 2026-02-13T09:34:46.261 Engine:Setting original file name "UNKNOWN_FILE" for "c:\windows\winsxs\x86_netfx-sys_windows_forms_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_54001bc1d6d8ab30\system.windows.forms.tlb", hr=0x0 2026-02-13T09:34:50.247 Engine:Setting original file name "rasman.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.rasman.dll.01dc9a326db44a83.00b6", hr=0x0 2026-02-13T09:34:51.677 Engine:Setting original file name "mpg4dmod.dll" for "c:\windows\system32\mp43decd.dll", hr=0x0 2026-02-13T09:34:57.041 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-sysinfo-l1-2-0.dll", hr=0x0 2026-02-13T09:34:58.411 Engine:Setting original file name "WMIC.exe" for "c:\windows\winsxs\wow64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_10.0.17763.1_none_9cc4699659612012\wmic.exe", hr=0x0 2026-02-13T09:34:59.634 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll", hr=0x0 2026-02-13T09:35:06.006 Engine:Setting original file name "ndisimplatwmi.DLL.MUI" for "c:\windows\syswow64\wbem\en-us\ndisimplatcim.dll.mui", hr=0x0 2026-02-13T09:35:07.839 Engine:Setting original file name "mscordaccore.dll" for "c:\users\administrator\downloads\compressed\managerserver-win-x64_10\mscordaccore_amd64_amd64_8.0.724.31311.dll", hr=0x0 2026-02-13T09:35:08.444 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-stringansi-l1-1-0.dll", hr=0x0 2026-02-13T09:35:12.738 Engine:Setting original file name "KSLDriver.sys" for "c:\windows\system32\mpenginestore\mpksldrv.sys", hr=0x0 2026-02-13T09:35:16.859 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\pt-br\msprivs.dll.mui", hr=0x0 2026-02-13T09:35:25.096 Engine:Setting original file name "Tally Setup" for "c:\program files\tallyprimeeditlog (1)\setup.exe", hr=0x0 2026-02-13T09:35:27.861 Engine:Setting original file name "SaveAsWebVML.vsl" for "c:\program files\microsoft office\root\office16\savwbras.dll", hr=0x0 2026-02-13T09:35:29.886 Engine:Setting original file name "msedgeupdate.dll" for "c:\program files (x86)\microsoft\edgeupdate\1.3.217.3\psmachine_64.dll", hr=0x0 2026-02-13T09:35:30.067 Engine:Setting original file name "WindowsCodecs" for "c:\windows\system32\windowscodecs.dll", hr=0x0 2026-02-13T09:35:30.797 Engine:Setting original file name "OLE32.DLL" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ole32.dll.01dc9a324bb9717c.0055", hr=0x0 2026-02-13T09:35:36.710 Engine:Setting original file name "devinfoset.DLL" for "c:\windows\winsxs\wow64_microsoft-onecore-pnp-devicemanagement_31bf3856ad364e35_10.0.17763.2145_none_9b5bd494641118e6\devobj.dll", hr=0x0 2026-02-13T09:35:36.924 Engine:Setting original file name "Ribbons" for "c:\windows\winsxs\amd64_microsoft-windows-ribbons.resources_31bf3856ad364e35_10.0.17763.1_en-us_ec3052a9df5f4b2c\ribbons.scr.mui", hr=0x0 2026-02-13T09:35:38.972 Engine:Setting original file name "ucrtbase.dll" for "c:\windows\winsxs\amd64_microsoft-onecore-i..atedusermode-common_31bf3856ad364e35_10.0.17763.8276_none_4c0d4ea6121e387d\ucrtbase_enclave.dll", hr=0x0 2026-02-13T09:35:55.497 Engine:Setting original file name "Mystify" for "c:\windows\winsxs\amd64_microsoft-windows-mystify.resources_31bf3856ad364e35_10.0.17763.1_en-us_3eaef1343edc066c\mystify.scr.mui", hr=0x0 2026-02-13T09:35:58.350 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-memory-l1-1-0.dll", hr=0x0 2026-02-13T09:36:04.816 Engine:Setting original file name "SETUP.EXE.MUI" for "c:\windows\syswow64\en-us\setup16.exe.mui", hr=0x0 2026-02-13T09:36:07.849 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-xstate-l1-1-0.dll", hr=0x0 2026-02-13T09:36:11.885 Engine:Setting original file name "FontCacheService" for "c:\windows\system32\en-us\fntcache.dll.mui", hr=0x0 2026-02-13T09:36:14.171 Engine:Setting original file name "setup" for "c:\program files\google\chrome\application\144.0.7559.133\installer\setup.exe", hr=0x0 2026-02-13T09:36:15.665 Engine:Setting original file name "BITS_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\bits\en-us\diagpackage.dll.mui", hr=0x0 2026-02-13T09:36:32.251 Engine:Setting original file name "SOA1000.DLL" for "c:\program files\microsoft office\root\office16\soa.dll", hr=0x0 2026-02-13T09:36:33.760 Engine:Setting original file name "MPRDIM.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_mprdim.dll.mui_11b5ef08", hr=0x0 2026-02-13T09:36:35.512 Engine:Setting original file name "msvcr100_clr0400.dll" for "c:\program files\microsoft office\root\vfs\system\msvcr100.dll", hr=0x0 2026-02-13T09:36:38.010 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-localization-obsolete-l1-2-0.dll", hr=0x0 2026-02-13T09:36:39.596 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-private-l1-1-0.dll", hr=0x0 2026-02-13T09:36:54.858 Engine:Setting original file name "memdiag.exe" for "c:\windows\winsxs\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.17763.107_ru-ru_7f54e2c195f987c6\memtest.exe.mui", hr=0x0 2026-02-13T09:36:55.648 Engine:Setting original file name "MSJINT40.DLL" for "c:\windows\syswow64\en-us\msjint40.dll.mui", hr=0x0 2026-02-13T09:37:01.958 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\el-gr\msprivs.dll.mui", hr=0x0 2026-02-13T09:37:04.781 Engine:Setting original file name "MediumIL" for "c:\program files (x86)\internet download manager\mediumilstart.exe", hr=0x0 2026-02-13T09:37:05.481 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-crt-conio-l1-1-0.dll", hr=0x0 2026-02-13T09:37:07.950 Engine:Setting original file name "pku2u.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.pku2u.dll.01dc9a324c25ba32.0056", hr=0x0 2026-02-13T09:37:11.293 Engine:Setting original file name "CMMIGR.DLL" for "c:\windows\syswow64\setup\pbkmigr.dll", hr=0x0 2026-02-13T09:37:13.674 Engine:Setting original file name "digsig32.dll" for "c:\program files\microsoft office\root\office16\exsec32.dll", hr=0x0 2026-02-13T09:37:17.809 Engine:Setting original file name "DeviceCategories.dll.mui" for "c:\windows\system32\en-us\ddores.dll.mui", hr=0x0 2026-02-13T09:37:19.107 Engine:Setting original file name "EtwEseProviderResources" for "c:\windows\winsxs\wow64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.17763.1_en-us_ef6d6d2b6c07370c\etweseproviderresources.dll.mui", hr=0x0 2026-02-13T09:37:38.217 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processenvironment-l1-2-0.dll", hr=0x0 2026-02-13T09:37:41.411 Engine:Setting original file name "SHELL32.DLL" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.shell32.dll.01dc9a326fe03d7c.00bb", hr=0x0 2026-02-13T09:37:48.142 Engine:Setting original file name "WUDFPf.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_10.0.17763.1_en-us_b7aa707aafd4e071_wudfpf.sys.mui_f61e9e86", hr=0x0 2026-02-13T09:37:50.547 Engine:Setting original file name "TSThemeS.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-t..ces-theme.resources_31bf3856ad364e35_10.0.17763.1_en-us_c2c2ce7a9a17fba3\tstheme.exe.mui", hr=0x0 2026-02-13T09:38:02.142 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-memory-l1-1-1.dll", hr=0x0 2026-02-13T09:38:02.386 Engine:Setting original file name "Microsoft.RightsManagementServices.Admin.SnapinAbout.dll.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-r..resources.resources_31bf3856ad364e35_10.0.17763.1_en-us_55b81315ae52fc40\microsoft.rightsmanagementservices.admin.snapinaboutresource.dll.mui", hr=0x0 2026-02-13T09:38:03.178 Engine:Setting original file name "DynaMon.dll.mui" for "c:\windows\system32\en-us\usbmon.dll.mui", hr=0x0 2026-02-13T09:38:05.230 Engine:Setting original file name "wuaueng.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.wuaueng.dll.01dc9a32592a0378.0090", hr=0x0 2026-02-13T09:38:08.278 Engine:Setting original file name "ISOLMIG.DLL" for "c:\windows\syswow64\migisol.dll", hr=0x0 2026-02-13T09:38:09.401 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\pcat\el-gr\memtest.exe.mui", hr=0x0 2026-02-13T09:38:09.823 Engine:Setting original file name "Device_DiagPackage.dll.mui" for "c:\windows\diagnostics\system\device\en-us\diagpackage.dll.mui", hr=0x0 2026-02-13T09:38:11.128 Engine:Setting original file name "ucrtbase.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ucrtbase.dll.01dc9a32536a703c.0073", hr=0x0 2026-02-13T09:38:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T09:38:22.324 Engine:Setting original file name "ntkrnlmp.exe" for "c:\windows\system32\ntoskrnl.exe", hr=0x0 2026-02-13T09:38:29.723 Engine:Setting original file name "Microsoft.JScript.dll" for "c:\windows\winsxs\amd64_netfx-scripting_engine_tlb_b03f5f7f11d50a3a_10.0.17763.1_none_29fc1fee5bcc4465\microsoft.jscript.tlb", hr=0x0 2026-02-13T09:38:29.801 Engine:Setting original file name "ProMgr.dll" for "c:\program files\microsoft office\root\office16\propmgr.dll", hr=0x0 2026-02-13T09:38:30.888 Engine:Setting original file name "WLRMNDR.EXE.MUI" for "c:\windows\winsxs\amd64_microsoft-windows-w..gon-tools.resources_31bf3856ad364e35_10.0.17763.1_en-us_06727a76e9dd94de\wlrmdr.exe.mui", hr=0x0 2026-02-13T09:38:33.673 Engine:Setting original file name "rasmans.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.rasmans.dll.01dc9a324d10db5b.005b", hr=0x0 2026-02-13T09:38:36.025 Engine:Setting original file name "ncsi.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ncsi.dll.01dc9a324ad48451.004e", hr=0x0 2026-02-13T09:38:41.431 Engine:Setting original file name "memdiag.exe" for "c:\windows\boot\efi\sv-se\memtest.efi.mui", hr=0x0 2026-02-13T09:38:43.920 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-base-util-l1-1-0.dll", hr=0x0 2026-02-13T09:38:51.022 Engine:Setting original file name "SaveAsWebHF.vsl" for "c:\program files\microsoft office\root\office16\savwbhf.dll", hr=0x0 2026-02-13T09:38:56.335 Engine:Setting original file name "libcrypto" for "c:\program files (x86)\internet download manager\libcrypto.dll", hr=0x0 2026-02-13T09:38:57.876 Engine:Setting original file name "Register-CimProvider2.exe.mui" for "c:\windows\winsxs\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.17763.1_en-us_25273528434aea61\register-cimprovider.exe.mui", hr=0x0 2026-02-13T09:39:01.784 Engine:Setting original file name "ProjectModel.dll" for "c:\program files\microsoft office\root\office16\projmodl.dll", hr=0x0 2026-02-13T09:39:04.195 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32.dll", hr=0x0 2026-02-13T09:39:04.990 Engine:Setting original file name "schtasks.exe" for "c:\windows\system32\schtasks.exe", hr=0x0 2026-02-13T09:39:07.144 Engine:Setting original file name "utilman2.exe.mui" for "c:\windows\system32\en-us\utilman.exe.mui", hr=0x0 2026-02-13T09:39:18.164 Engine:Setting original file name "dwmcore" for "c:\windows\winsxs\amd64_microsoft-windows-d..ompositor.resources_31bf3856ad364e35_10.0.17763.1_en-us_54404e4dd1f94676\dwmcore.dll.mui", hr=0x0 2026-02-13T09:39:26.472 Engine:Setting original file name " " for "c:\users\administrator\downloads\composer-setup.exe", hr=0x0 2026-02-13T09:39:28.520 Engine:Setting original file name "mapistub.dll" for "c:\windows\system32\mapi32.dll", hr=0x0 2026-02-13T09:39:29.634 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-sddl-l1-1-0.dll", hr=0x0 2026-02-13T09:39:32.546 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-private-l1-1-0.dll", hr=0x0 2026-02-13T09:39:33.528 Engine:Setting original file name "LyncHtmlConvPxy.cnv" for "c:\program files\microsoft office\root\office16\lynchtmlconvpxy.dll", hr=0x0 2026-02-13T09:39:40.020 Engine:Setting original file name "Adobe PDF Toolbar for IE" for "c:\program files\common files\adobe\acrobat\wcieactivex\dc\x64\acroiefavclient.dll", hr=0x0 2026-02-13T09:39:48.606 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-file-l1-2-1.dll", hr=0x0 2026-02-13T09:39:55.718 Engine:Setting original file name "CRYPT32.DLL" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.crypt32.dll.01dc9a326473f210.00a6", hr=0x0 2026-02-13T09:39:59.888 Engine:Setting original file name "gdi32" for "c:\windows\system32\gdi32full.dll", hr=0x0 2026-02-13T09:40:11.870 Engine:Setting original file name "ieframe.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.ieframe.dll.01dc9a326748d496.00ac", hr=0x0 2026-02-13T09:40:17.951 Engine:Setting original file name "WindowsUpdate_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_72c71197add3cdc6\diagpackage.dll.mui", hr=0x0 2026-02-13T09:40:20.017 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll", hr=0x0 2026-02-13T09:40:21.302 Engine:Setting original file name "WinTypes.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.wintypes.dll.01dc9a3273af9bd7.00c4", hr=0x0 2026-02-13T09:40:22.050 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-crt-multibyte-l1-1-0.dll", hr=0x0 2026-02-13T09:40:23.629 Engine:Setting original file name "sbscmp10.dll" for "c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_10.0.17763.1_none_9542401b25897567\sbs_wminet_utils.dll", hr=0x0 2026-02-13T09:40:25.911 Engine:Setting original file name "Windows.Security.Credentials.UI.CredentialPicker.exe" for "c:\windows\winsxs\wow64_microsoft-windows-s..y-credential-picker_31bf3856ad364e35_10.0.17763.1697_none_0851a88541e7c4ce\windows.security.credentials.ui.credentialpicker.dll", hr=0x0 2026-02-13T09:40:36.536 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\it-it\msprivs.dll.mui", hr=0x0 2026-02-13T09:40:37.078 Engine:Setting original file name "netiougc.exe.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_10.0.17763.1_en-us_bd08633e254d6a99_netiougc.exe.mui_ad7a9e4d", hr=0x0 2026-02-13T09:40:37.298 Engine:Setting original file name "SR.exe.mui" for "c:\windows\winsxs\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.17763.1_en-us_b71b946ba89732f6\narrator.exe.mui", hr=0x0 2026-02-13T09:40:52.138 Engine:Setting original file name "msi.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.msi.dll.01dc9a324948e7c7.0046", hr=0x0 2026-02-13T09:40:59.465 Engine:Setting original file name "wersvc" for "c:\windows\system32\en-us\wersvc.dll.mui", hr=0x0 2026-02-13T09:41:09.941 Engine:Setting original file name "spwizres.dll" for "c:\windows\syswow64\spwizimg.dll", hr=0x0 Internal signature match:subtype=Lowfi, sigseq=0x0000157EF1BEF48F, sigsha=88199b23bf19d286f43e8f883776ee295b1669db, cached=false, source=0, resourceid=0xc742a477 Internal signature match:subtype=Lowfi, sigseq=0x000078E7B6D8B30B, sigsha=7e39caa16cef41cd13040adae6e049354306a445, cached=false, source=0, resourceid=0xc742a477 2026-02-13T09:41:15.695 Engine:Setting original file name ".NET Host Resolver - 5.0.0" for "c:\manager\licence\bin\hostfxr.dll", hr=0x0 2026-02-13T09:41:16.735 Engine:Setting original file name "IPRTRMGR.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-rasserver.resources_31bf3856ad364e35_10.0.17763.1_en-us_6c06fe2b1464c7cc_iprtrmgr.dll.mui_eb023b92", hr=0x0 2026-02-13T09:41:30.176 Engine:Setting original file name "git.exe" for "c:\program files\git\git-cmd.exe", hr=0x0 2026-02-13T09:41:31.770 Engine:Setting original file name "OLBNAME" for "c:\program files\microsoft office\root\office16\msprj.olb", hr=0x0 2026-02-13T09:41:32.610 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll", hr=0x0 2026-02-13T09:41:36.243 Engine:Setting original file name "System.Drawing.dll" for "c:\windows\winsxs\amd64_netfx4-system_drawing_tlb_b03f5f7f11d50a3a_4.0.15744.161_none_0c09af3eb391f312\system.drawing.tlb", hr=0x0 2026-02-13T09:41:37.837 Engine:Setting original file name "DefaultGPOFix" for "c:\windows\winsxs\amd64_microsoft-windows-g..o-restore.resources_31bf3856ad364e35_10.0.17763.1_en-us_bf4059b20212ecf7\dcgpofix.exe.mui", hr=0x0 2026-02-13T09:41:40.450 Engine:Setting original file name "iismui" for "c:\windows\winsxs\amd64_microsoft-windows-i..acysnapin.resources_31bf3856ad364e35_10.0.17763.1_en-us_a8454c1deaba74c1\iismui.dll.mui", hr=0x0 2026-02-13T09:41:44.706 Engine:Setting original file name "SgrmEnclave.dll" for "c:\windows\winsxs\amd64_security-octagon-enclave_31bf3856ad364e35_10.0.17763.7309_none_9eb22e37352bab9e\sgrmenclave_secure.dll", hr=0x0 2026-02-13T09:42:05.892 Engine:Setting original file name "nsi.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.nsi.dll.01dc9a3224b8b34c.0007", hr=0x0 2026-02-13T09:42:09.210 Engine:Setting original file name "idmcchandler.dll" for "c:\program files (x86)\internet download manager\idmcchandler2_64.dll", hr=0x0 2026-02-13T09:42:21.028 Engine:Setting original file name "rasauto.dll.mui" for "c:\windows\winsxs\backup\wow64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_10.0.17763.1_en-us_c24c30edd2c9a5f1_rasauto.dll.mui_12fa2c50", hr=0x0 2026-02-13T09:42:23.359 Engine:Setting original file name "MicrosoftEdgeUpdateSetup.exe" for "c:\users\administrator\downloads\programs\microsoftedgesetup.exe", hr=0x0 2026-02-13T09:42:23.602 Engine:Setting original file name "bcrypt.dll" for "c:\windows\winsxs\temp\pendingdeletes\$$deleteme.bcrypt.dll.01dc9a323ee18a06.0026", hr=0x0 2026-02-13T09:42:24.745 Engine:Setting original file name "mspriv.dll.mui" for "c:\windows\system32\fi-fi\msprivs.dll.mui", hr=0x0 2026-02-13T09:42:26.035 Engine:Setting original file name "davsvc.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..r-webclnt.resources_31bf3856ad364e35_10.0.17763.1_en-us_3030de7428c7c284\webclnt.dll.mui", hr=0x0 2026-02-13T09:42:31.361 Engine:Setting original file name "WindowsMediaPlayerPlayDVD_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_9181baef114b29b6\diagpackage.dll.mui", hr=0x0 2026-02-13T09:42:33.788 Engine:Setting original file name "WIASERVC.DLL.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.17763.1_en-us_ca1d7e44124f7a48_wiaservc.dll.mui_54051b53", hr=0x0 2026-02-13T09:42:51.808 Engine:Setting original file name "LicProtectorEXE" for "c:\program files\vs revo group\revo uninstaller pro\ruplp.exe", hr=0x0 2026-02-13T09:43:03.568 Engine:Setting original file name "IEBrowseWeb_DiagPackage.dll.mui" for "c:\windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.17763.1_en-us_e34220f01fb2b602\diagpackage.dll.mui", hr=0x0 2026-02-13T09:43:05.646 Engine:Setting original file name "OGL" for "c:\program files\microsoft office\root\office16\ocogl.dll", hr=0x0 2026-02-13T09:43:10.837 Engine:Setting original file name "DrvInst.EXE.MUI" for "c:\windows\winsxs\backup\amd64_microsoft-windows-pnp-drvinst.resources_31bf3856ad364e35_10.0.17763.1_en-us_a6aff57dee6bf902_drvinst.exe.mui_e88f4c73", hr=0x0 2026-02-13T09:43:12.096 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-threadpool-legacy-l1-1-0.dll", hr=0x0 2026-02-13T09:43:16.310 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-heap-obsolete-l1-1-0.dll", hr=0x0 2026-02-13T09:43:19.477 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll", hr=0x0 2026-02-13T09:43:23.813 Engine:Setting original file name "partmgr.sys.mui" for "c:\windows\winsxs\backup\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.17763.1_en-us_eef1af88a2cfbd4e_partmgr.sys.mui_b800c491", hr=0x0 2026-02-13T09:43:27.801 Engine:Setting original file name "MPX Interface.DLL" for "c:\program files\microsoft office\root\office16\mpxint.dll", hr=0x0 2026-02-13T09:43:27.852 Engine:Setting original file name "intldate" for "c:\program files\microsoft office\root\office16\ocintldate.dll", hr=0x0 2026-02-13T09:43:30.356 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_2c59019aeddb7f65\api-ms-win-core-string-obsolete-l1-1-0.dll", hr=0x0 2026-02-13T09:43:32.191 Engine:Setting original file name "apisetstub" for "c:\windows\syswow64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll", hr=0x0 2026-02-13T09:43:32.319 Engine:Setting original file name "pwsh.dll" for "c:\program files\powershell\7\pwsh.exe", hr=0x0 2026-02-13T09:43:32.432 Engine:Setting original file name "apisetstub" for "c:\windows\winsxs\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.17763.1_none_b82ac495d943b9d7\api-ms-win-core-processthreads-l1-1-1.dll", hr=0x0 2026-02-13T09:43:38.898 OriginalFileName Maintenance::8885 files in Moac, 0 skipped (cached), 377 filename set 2026-02-13T09:43:38.898 [AutoPurge] Routine task for Cache Maintenance has ended. 2026-02-13T09:44:21.500 QuickScan:ScanID:5CA43794-F017-4FC2-A45B-193D5839DA9B: Quick scan finished with error 0 2026-02-13T09:44:22.574 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-13T09:44:22.575 [RTP] Duplicating the current plugin configuration object... 2026-02-13T09:44:22.575 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-13T09:44:22.575 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-13T09:44:22.575 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-13T09:44:22.575 [RTP] No config change detected. Not updating plugin configuration. 2026-02-13T09:44:22.575 [RTP] No config changes found. No configuration switch. 2026-02-13T09:44:22.575 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-13T09:53:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T10:08:26.748 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T10:23:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T10:38:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T10:53:41.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T11:08:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T11:23:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T11:38:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T11:54:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T12:09:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T12:24:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T12:39:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T12:54:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T13:09:26.706 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T13:24:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T13:39:36.714 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T13:54:41.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T14:09:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T14:24:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T14:39:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T14:55:01.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T15:10:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T15:25:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T15:40:16.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T15:55:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T16:10:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T16:25:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T16:40:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T16:55:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T17:10:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T17:25:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T17:40:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T17:56:01.719 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T18:11:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T18:26:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T18:41:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T18:56:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T19:11:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T19:26:31.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T19:41:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T19:56:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T20:11:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T20:26:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T20:41:56.716 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T20:57:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T21:12:06.705 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T21:27:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T21:42:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T21:57:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T22:12:26.737 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T22:27:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T22:42:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T22:57:41.712 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T23:12:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T23:27:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T23:42:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-13T23:58:01.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T00:13:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T00:28:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T00:43:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T00:58:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T01:13:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T01:28:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T01:43:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T01:58:41.706 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T02:13:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T02:28:51.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T02:43:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T02:47:06.697 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-14T02:47:06.765 Job Notification: New process added to job (220976) 2026-02-14T02:47:06.784 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-14T02:47:06.785 Aggressive catchup quick scan threshold: 634774312814 / 25920000000000 2026-02-14T02:47:06.799 Job Notification: New process added to job (220084) 2026-02-14T02:47:06.807 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:220976] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:220084]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-14T02:47:06.928 Job Notification: New process added to job (221748) 2026-02-14T02:47:06.928 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-14T02:47:06.930 Job Notification: New process added to job (221792) 2026-02-14T02:47:06.933 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:221748] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:221792]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-14T02:47:07.297 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-14T02:47:07.297 [RTP] Duplicating the current plugin configuration object... 2026-02-14T02:47:07.297 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-14T02:47:07.297 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-14T02:47:07.297 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-14T02:47:07.297 [RTP] No config change detected. Not updating plugin configuration. 2026-02-14T02:47:07.297 [RTP] No config changes found. No configuration switch. 2026-02-14T02:47:07.297 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-14T02:48:13.985 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\E1E0774F-25D8-4F69-9BD8-151A7CD50D283480c.1dc9d5c5b7d91d4 2026-02-14T02:48:14.354 Verifying engine and signature files (source: 0) ... 2026-02-14T02:48:14.354 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpengine.dll] due to PPL. 2026-02-14T02:48:14.354 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpasbase.vdm] (file in cache) 2026-02-14T02:48:14.354 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-14T02:48:14.363 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpasdlta.vdm] 2026-02-14T02:48:14.363 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpavbase.vdm] (file in cache) 2026-02-14T02:48:14.363 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-14T02:48:14.368 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpavdlta.vdm] 2026-02-14T02:48:14.645 [Engine] IsHybridMode: 0 2026-02-14T02:48:14.654 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-14T02:48:15.575 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AE0DAAC4AF1EA531812D4361FFE28231130DE0.bin): 0x00000002 2026-02-14T02:48:15.637 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-C4AE0DAAC4AF1EA531812D4361FFE28231130DE0.bin) 2026-02-14T02:48:15.637 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-14T02:48:15.637 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-14T02:48:15.637 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-14T02:48:15.637 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-14T02:50:19.917 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-14T02:50:19.938 [AutoExclusion] Applied roles from cache. 2026-02-14T02:50:19.938 [AutoExclusion] Started roles monitoring. IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpFC_SupportThreatActionDetectionOnly new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-14T02:50:20.061 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB77BDE190, lRefCount: 5, hr=0 2026-02-14T02:50:20.069 [Engine] New active engine 00007FFB78C6E190 replacing engine 00007FFB77BDE190. Number of active engines: 2 2026-02-14T02:50:20.184 EngineInit:Global ASOC is enabled 2026-02-14T02:50:20.184 EngineInit:ASOO is enabled for developer volumes 2026-02-14T02:50:20.618 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-14T02:50:20.619 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.619 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-14T02:50:20.620 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-14T02:50:20.620 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-14T02:50:20.620 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.621 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.621 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.622 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-14T02:50:20.622 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.622 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-14T02:50:20.622 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.623 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.623 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.624 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.624 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.625 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.625 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.625 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-14T02:50:20.682 MpWriteUupSignatureVersion 1.445.37.0, hr = 0 2026-02-14T02:50:20.683 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-14T02:50:20.751 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-14T02:50:20.773 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-14T02:50:20.773 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-14T02:50:20.773 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-14T02:50:20.793 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-14T02:50:20.793 [Plugin] Initializing RTP plugin state... 2026-02-14T02:50:20.793 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-14T02:50:20.793 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎13‎-‎2026 05:49:17 Last Perf:‎02‎-‎13‎-‎2026 05:49:16 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,3,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,1,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:26156 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:3376 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:229592379 TotalHits:0 InstanceCacheInserts:5262 InstanceCacheUpdates:0 InstanceCacheDeletes:2773 InstanceCacheHits:807 InstanceCacheMisses:622653 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-14T02:50:20.793 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC} 2026-02-14T02:50:20.793 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C}\mpasbase.vdm in use, hr=0x80070020 2026-02-14T02:50:20.794 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.794 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.794 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.794 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.794 MdCoreSvc is supported in this platform and OS 2026-02-14T02:50:20.805 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-14-2026 02:50:20 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-14-2026 02:50:20 2026-02-14T02:50:20.925 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-14T02:50:20.925 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-14T02:50:20.936 [NRI] Stopping NIS service ... 2026-02-14T02:50:20.941 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.941 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.941 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.941 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-14T02:50:20.941 MdCoreSvc is supported in this platform and OS 2026-02-14T02:50:20.987 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-14T02:50:21.011 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 Signature updated on 02-14-2026 02:50:21 Product Version: 4.18.26010.5 Service Version: 4.18.26010.5 Engine Version: 1.1.26010.1 AS Signature Version: 1.445.37.0 AV Signature Version: 1.445.37.0 ************************************************************ 2026-02-14T02:50:21.152 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-14T02:50:21.152 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\E1E0774F-25D8-4F69-9BD8-151A7CD50D283480c.1dc9d5c5b7d91d4 2026-02-14T02:50:21.154 Process scan (postsignatureupdatescan) started. 2026-02-14T02:50:21.197 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-14T02:50:21.197 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-14T02:50:21.197 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-14T02:50:21.285 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-14T02:50:21.285 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-14T02:50:21.286 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-14T02:50:21.286 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-14T02:50:21.286 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-14T02:50:21.914 [Engine] Engine 00007FFB77BDE190 no longer in use. Number of active engines: 1 2026-02-14T02:50:21.914 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt Signature updated via MicrosoftUpdateServer on 02-14-2026 02:50:23 ************************************************************ 2026-02-14T02:50:23.358 Job Notification: Process exited from job (221748) 2026-02-14T02:50:23.413 Job Notification: Process exited from job (221792) 2026-02-14T02:50:23.809 Job Notification: Process exited from job (220976) 2026-02-14T02:50:23.812 Job Notification: Process exited from job (220084) 2026-02-14T02:50:35.856 [Engine] RSIG_UNLOADENGINE, 00007FFB77BDE190, err=0x0 2026-02-14T02:50:36.004 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CFA718-A6F0-42F9-AE7D-68836ED4693C} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x00004AE7F6712C36, sigsha=d96c66db50bb3adef460233484cf124f27fd61c2, cached=false, source=0, resourceid=0x49ced1a9 2026-02-14T02:51:47.567 Process scan (postsignatureupdatescan) completed. 2026-02-14T02:55:20.348 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-14T02:59:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T03:14:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T03:29:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T03:44:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T03:59:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T04:14:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T04:29:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T04:44:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T04:59:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T05:14:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T05:29:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T05:44:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T06:00:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T06:15:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T06:30:11.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T06:45:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T07:00:21.706 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T07:15:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T07:30:31.713 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T07:45:36.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T08:00:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T08:15:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T08:30:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T08:45:56.708 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T09:01:01.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T09:16:06.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T09:31:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T09:46:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T10:01:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T10:16:26.707 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T10:20:45.665 [AutoPurge] Verification Routine tasks have started.ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-14T10:20:47.311 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-14T10:20:47.313 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-14T10:20:47.324 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-14T10:20:47.355 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-14T10:20:47.777 [AutoPurge] Removing expired default signature package ... 2026-02-14T10:20:48.263 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-14T10:20:48.834 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-14T10:20:48.834 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-14T10:20:48.834 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-14T10:20:48.834 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-14T10:20:49.070 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-14T10:20:49.070 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-14T10:20:49.070 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-14T10:20:49.079 [NRI] Stopping NIS service ... 2026-02-14T10:20:49.079 [NRI] Stopping NIS service ... 2026-02-14T10:20:49.080 [NRI] Stopping NIS service ... 2026-02-14T10:20:49.080 [NRI] Stopping NIS service ... 2026-02-14T10:20:49.081 [NRI] Stopping NIS service ... 2026-02-14T10:20:49.082 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-14T10:20:49.082 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-14T10:20:49.082 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-14T10:20:49.181 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-14T10:20:49.181 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-14T10:20:49.181 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-14T10:20:50.484 Job Notification: New process added to job (240248) 2026-02-14T10:20:51.349 [RTP] Duplicating the current plugin configuration object... 2026-02-14T10:20:51.349 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-14T10:20:51.349 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-14T10:20:51.349 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-14T10:20:51.349 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-14T10:20:51.408 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-14T10:20:56.835 Job Notification: Process exited from job (240248) 2026-02-14T10:20:57.085 [AutoPurge] Verification Routine tasks have ended. 2026-02-14T10:31:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T10:46:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T11:01:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T11:16:46.710 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T11:31:51.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T11:46:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T12:02:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T12:17:06.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T12:32:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T12:47:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T13:02:21.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T13:17:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T13:32:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T13:47:36.716 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T14:02:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T14:17:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T14:32:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T14:47:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T15:03:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T15:18:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T15:33:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T15:48:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T16:03:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T16:18:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T16:33:31.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T16:48:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T17:03:41.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T17:18:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T17:33:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T17:48:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T18:04:01.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T18:19:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T18:34:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T18:49:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T19:04:21.702 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T19:19:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T19:34:31.751 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T19:49:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T20:04:41.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T20:19:46.720 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T20:34:51.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T20:49:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T21:05:01.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T21:20:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T21:35:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T21:50:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T22:05:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T22:20:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T22:35:31.702 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T22:50:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T23:05:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T23:20:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T23:35:51.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-14T23:50:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T00:06:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T00:21:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T00:36:11.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T00:51:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T01:06:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T01:21:26.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T01:36:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T01:51:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T02:06:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T02:21:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T02:36:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T02:47:06.698 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-15T02:47:06.736 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-15T02:47:06.736 Aggressive catchup quick scan threshold: 1498773833941 / 25920000000000 2026-02-15T02:47:06.745 Job Notification: New process added to job (270044) 2026-02-15T02:47:06.768 Job Notification: New process added to job (271804) 2026-02-15T02:47:06.778 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:270044] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:271804]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-15T02:47:06.940 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-15T02:47:06.942 Job Notification: New process added to job (264772) 2026-02-15T02:47:06.943 Job Notification: New process added to job (274056) 2026-02-15T02:47:06.950 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:264772] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:274056]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-15T02:47:07.249 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-15T02:47:07.249 [RTP] Duplicating the current plugin configuration object... 2026-02-15T02:47:07.249 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-15T02:47:07.249 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-15T02:47:07.249 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-15T02:47:07.249 [RTP] No config change detected. Not updating plugin configuration. 2026-02-15T02:47:07.249 [RTP] No config changes found. No configuration switch. 2026-02-15T02:47:07.249 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-15T02:48:24.761 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\633B86F9-5BC9-4819-A8DE-DE52DBC2E47E4151c.1dc9e258af0191f 2026-02-15T02:48:25.060 Verifying engine and signature files (source: 0) ... 2026-02-15T02:48:25.060 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpengine.dll] due to PPL. 2026-02-15T02:48:25.060 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpasbase.vdm] (file in cache) 2026-02-15T02:48:25.060 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-15T02:48:25.081 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpasdlta.vdm] 2026-02-15T02:48:25.081 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpavbase.vdm] (file in cache) 2026-02-15T02:48:25.081 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-15T02:48:25.086 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpavdlta.vdm] 2026-02-15T02:48:25.408 [Engine] IsHybridMode: 0 2026-02-15T02:48:25.421 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-15T02:48:25.555 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-9C6D5C54B949CD2BF5C7ADEF0FF1F0D5BD256B20.bin): 0x00000002 2026-02-15T02:48:25.705 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-9C6D5C54B949CD2BF5C7ADEF0FF1F0D5BD256B20.bin) 2026-02-15T02:48:25.705 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-15T02:48:25.706 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-15T02:48:25.706 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-15T02:48:25.706 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-15T02:49:03.949 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-15T02:49:03.960 [AutoExclusion] Applied roles from cache. 2026-02-15T02:49:03.960 [AutoExclusion] Started roles monitoring. IDynamicConfig::ReportError ECS value=EnableAdsSymlinkMitigation_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableBmProcessInfoMetastoreMaintenance_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=EnableCIWorkaroundOnCFAEnabled_MpRamp hr=0x8007007b IDynamicConfig::ReportError ECS value=MdDisableResController hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerInitalDelay hr=0x800700d4 IDynamicConfig::ReportError ECS value=MdTimerMonitorInterval hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpCopyAcceleratorCancellableCopyState hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisablePropBagNotification hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnableNoMetaStoreProcessInfoContainer hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpEnablePurgeHipsCache hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpForceDllHostScanExeOnOpen hr=0x800700d4 IDynamicConfig::ReportError ECS value=MpDisableResourceMonitoring hr=0x8007007b IDynamicConfig::ReportError ECS value=EnableThreatIdKeyForSigExpiry_MpRamp hr=0x800700d4 IDynamicConfig::ReportError ECS value=NIS_DisableTransportCallouts hr=0x8007007b IDynamicConfig::ReportError ECS value=MpDlpClipboardSettings hr=0x8007007b IDynamicConfig::ReportChange ECS value=MpFC_EnableCommonMetricsEvents new=1 old0 IDynamicConfig::ReportChange ECS value=MpFC_SupportThreatActionDetectionOnly new=1 old0 IDynamicConfig::ReportChange ECS value=MpDisableBmHealthOneDsEvent new=True oldFalse 2026-02-15T02:49:04.278 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB78C6E190, lRefCount: 5, hr=0 2026-02-15T02:49:04.282 [Engine] New active engine 00007FFB7AC5E190 replacing engine 00007FFB78C6E190. Number of active engines: 2 2026-02-15T02:49:04.373 EngineInit:Global ASOC is enabled 2026-02-15T02:49:04.373 EngineInit:ASOO is enabled for developer volumes 2026-02-15T02:49:05.539 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-15T02:49:05.539 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.540 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-15T02:49:05.540 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-15T02:49:05.540 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-15T02:49:05.540 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.540 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.540 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.541 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-15T02:49:05.632 MpWriteUupSignatureVersion 1.445.56.0, hr = 0 2026-02-15T02:49:05.633 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-15T02:49:05.792 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-15T02:49:05.792 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-15T02:49:05.792 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)! 2026-02-15T02:49:05.798 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValiditApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-15T02:49:05.914 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-15T02:49:05.914 [Plugin] Initializing RTP plugin state... 2026-02-15T02:49:05.914 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-15T02:49:05.914 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9} 2026-02-15T02:49:05.915 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC}\mpasbase.vdm in use, hr=0x80070020 2026-02-15T02:49:05.915 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.915 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.915 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.915 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.915 MdCoreSvc is supported in this platform and OS 2026-02-15T02:49:05.915 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎14‎-‎2026 05:50:21 Last Perf:‎02‎-‎14‎-‎2026 05:50:20 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,3,0 Proc:0,3,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,3,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,1,0 Config:0,1,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:36298 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:3325 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:287190434 TotalHits:0 InstanceCacheInserts:12945 InstanceCacheUpdates:0 InstanceCacheDeletes:10200 InstanceCacheHits:1131 InstanceCacheMisses:876252 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-15T02:49:05.932 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-15-2026 02:49:05 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-15-2026 02:49:05 2026-02-15T02:49:05.938 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-15T02:49:05.938 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-15T02:49:05.938 [NRI] Stopping NIS service ... 2026-02-15T02:49:05.939 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.939 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.939 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.939 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-15T02:49:05.940 MdCoreSvc is supported in this platform and OS Signature updated on 02-15-2026 02:49:05 Product Version: 4.18.26010.5 Service Version: 4.18.26010.5 Engine Version: 1.1.26010.1 AS Signature Version: 1.445.56.0 AV Signature Version: 1.445.56.0 ************************************************************ 2026-02-15T02:49:05.943 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-15T02:49:05.943 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\633B86F9-5BC9-4819-A8DE-DE52DBC2E47E4151c.1dc9e258af0191f 2026-02-15T02:49:05.948 Process scan (postsignatureupdatescan) started. 2026-02-15T02:49:06.052 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-15T02:49:06.052 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-15T02:49:06.138 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-15T02:49:06.138 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-15T02:49:06.138 [KSL] Leaving CKSLEngine::EnableKsl(0). 2026-02-15T02:49:06.222 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-15T02:49:06.222 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-15T02:49:06.222 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-15T02:49:06.222 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-15T02:49:06.222 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-15T02:49:06.553 [Engine] Engine 00007FFB78C6E190 no longer in use. Number of active engines: 1 2026-02-15T02:49:06.553 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt Signature updated via MicrosoftUpdateServer on 02-15-2026 02:49:07 ************************************************************ 2026-02-15T02:49:09.977 Job Notification: Process exited from job (270044) 2026-02-15T02:49:09.977 Job Notification: Process exited from job (264772) 2026-02-15T02:49:09.980 Job Notification: Process exited from job (274056) 2026-02-15T02:49:09.980 Job Notification: Process exited from job (271804) 2026-02-15T02:49:23.854 [Engine] RSIG_UNLOADENGINE, 00007FFB78C6E190, err=0x0 2026-02-15T02:49:23.868 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{530E2888-8039-408B-BE5B-A12EF870CAFC} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A355FB9, sigsha=3c28ee82ab3f56f4141657f4295ad06eea5e80a0, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E320BA841, sigsha=d301e64fc2d3c759849fad38b6dcbd1fbad4d9a5, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E99436E23, sigsha=539bae921a19250dfcb9aeabf43420451f66b909, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A355FB9, sigsha=3c28ee82ab3f56f4141657f4295ad06eea5e80a0, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E320BA841, sigsha=d301e64fc2d3c759849fad38b6dcbd1fbad4d9a5, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E99436E23, sigsha=539bae921a19250dfcb9aeabf43420451f66b909, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 2026-02-15T02:50:22.859 Process scan (postsignatureupdatescan) completed. 2026-02-15T02:51:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T02:54:04.597 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-15T03:07:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T03:22:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T03:37:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T03:52:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T04:07:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T04:22:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T04:37:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T04:52:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T05:07:41.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T05:22:46.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T05:37:51.709 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T05:52:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T06:08:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T06:23:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T06:38:11.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T06:53:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T07:08:21.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T07:23:26.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T07:38:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T07:53:36.717 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T08:08:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T08:23:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T08:38:51.710 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T08:53:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T09:09:01.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T09:24:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T09:39:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T09:54:16.715 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T10:09:21.728 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T10:24:26.702 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T10:39:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T10:54:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T11:09:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T11:24:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T11:39:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T11:54:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T12:10:01.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T12:25:06.727 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T12:30:56.355 [AutoPurge] Verification Routine tasks have started.ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-15T12:30:58.597 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-15T12:30:58.619 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-15T12:30:58.633 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-15T12:30:58.691 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-15T12:30:58.691 [AutoPurge] Removing expired default signature package ... 2026-02-15T12:31:00.426 Job Notification: New process added to job (292848) 2026-02-15T12:31:07.144 Job Notification: Process exited from job (292848) 2026-02-15T12:31:07.307 [AutoPurge] Verification Routine tasks have ended. 2026-02-15T12:37:07.208 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-15T12:37:07.378 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-15T12:37:07.379 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-15T12:37:07.379 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-15T12:37:07.379 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-15T12:37:07.379 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-15T12:37:07.379 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-15T12:37:07.379 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-15T12:37:07.379 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-15T12:37:07.379 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-15T12:37:07.379 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-15T12:37:07.379 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-15T12:37:07.461 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-15T12:37:07.461 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-15T12:37:07.461 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-15T12:37:07.473 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-15T12:37:07.473 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-15T12:37:07.473 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-15T12:37:07.480 [NRI] Stopping NIS service ... 2026-02-15T12:37:07.481 [NRI] Stopping NIS service ... 2026-02-15T12:37:07.481 [NRI] Stopping NIS service ... 2026-02-15T12:37:07.482 [NRI] Stopping NIS service ... 2026-02-15T12:37:07.482 [NRI] Stopping NIS service ... 2026-02-15T12:37:07.504 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-15T12:37:07.504 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-15T12:37:07.504 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-15T12:37:09.889 [RTP] Duplicating the current plugin configuration object... 2026-02-15T12:37:09.889 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-15T12:37:09.889 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-15T12:37:09.889 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-15T12:37:09.889 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-15T12:37:10.001 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-15T12:40:11.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T12:55:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T13:10:21.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T13:25:26.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T13:40:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T13:55:36.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T14:10:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T14:25:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T14:40:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T14:55:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T15:11:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T15:26:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T15:41:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T15:56:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T16:11:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T16:26:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T16:41:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T16:56:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T17:11:41.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T17:26:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T17:41:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T17:56:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T18:12:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T18:27:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T18:42:11.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T18:57:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T19:12:21.705 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T19:27:26.702 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T19:42:31.715 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T19:57:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T20:12:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T20:27:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T20:42:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T20:57:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T21:13:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T21:28:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T21:43:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T21:58:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T22:13:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T22:28:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T22:43:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T22:58:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T23:13:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T23:28:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T23:43:51.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-15T23:58:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T00:14:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T00:29:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T00:44:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T00:59:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T01:14:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T01:29:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T01:44:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T01:59:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T02:14:41.705 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T02:29:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T02:44:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T02:47:06.700 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-16T02:47:06.778 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-16T02:47:06.779 Aggressive catchup quick scan threshold: 2362774263105 / 25920000000000 2026-02-16T02:47:06.791 Job Notification: New process added to job (325164) 2026-02-16T02:47:06.797 Job Notification: New process added to job (327044) 2026-02-16T02:47:06.807 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:325164] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:327044]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-16T02:47:06.959 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-16T02:47:06.960 Job Notification: New process added to job (327352) 2026-02-16T02:47:06.962 Job Notification: New process added to job (323320) 2026-02-16T02:47:06.987 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:327352] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:323320]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-16T02:47:07.296 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-16T02:47:07.296 [RTP] Duplicating the current plugin configuration object... 2026-02-16T02:47:07.296 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-16T02:47:07.296 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-16T02:47:07.296 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-16T02:47:07.296 [RTP] No config change detected. Not updating plugin configuration. 2026-02-16T02:47:07.296 [RTP] No config changes found. No configuration switch. 2026-02-16T02:47:07.296 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-16T02:48:02.344 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\A22AEB10-C566-4DF7-8993-EB01937829474fbdc.1dc9eeea874eb46 2026-02-16T02:48:02.617 Verifying engine and signature files (source: 0) ... 2026-02-16T02:48:02.617 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787}\mpengine.dll] due to PPL. 2026-02-16T02:48:02.618 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787}\mpasbase.vdm] (file in cache) 2026-02-16T02:48:02.618 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-16T02:48:02.643 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787}\mpasdlta.vdm] 2026-02-16T02:48:02.643 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787}\mpavbase.vdm] (file in cache) 2026-02-16T02:48:02.643 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-16T02:48:02.651 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787}\mpavdlta.vdm] 2026-02-16T02:48:02.885 [Engine] IsHybridMode: 0 2026-02-16T02:48:02.899 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-16T02:48:03.268 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-E2649FDE496DBB11DE80598E15CA3EA065593951.bin): 0x00000002 2026-02-16T02:48:03.299 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-E2649FDE496DBB11DE80598E15CA3EA065593951.bin) 2026-02-16T02:48:03.299 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-16T02:48:03.299 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-16T02:48:03.299 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-16T02:48:03.299 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-16T02:48:42.272 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-16T02:48:42.283 [AutoExclusion] Applied roles from cache. 2026-02-16T02:48:42.283 [AutoExclusion] Started roles monitoring. 2026-02-16T02:48:43.968 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB7AC5E190, lRefCount: 5, hr=0 2026-02-16T02:48:43.976 [Engine] New active engine 00007FFB79BCE190 replacing engine 00007FFB7AC5E190. Number of active engines: 2 2026-02-16T02:48:44.303 EngineInit:Global ASOC is enabled 2026-02-16T02:48:44.303 EngineInit:ASOO is enabled for developer volumes 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.302 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.303 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-16T02:48:45.455 MpWriteUupSignatureVersion 1.445.72.0, hr = 0 2026-02-16T02:48:45.456 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-16T02:48:45.532 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit 2026-02-16T02:48:45.544 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-16T02:48:45.568 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-16T02:48:45.568 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)!ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-16T02:48:45.592 MpUpdateUpdateResiliencyConfiguration updated to 0 2026-02-16T02:48:45.592 [Plugin] Initializing RTP plugin state... 2026-02-16T02:48:45.592 [Plugin] Normal mode, or passive mode with shadow protection enabled. Will not force RTP off. 2026-02-16T02:48:45.592 [RTP] ****************************RTP Perf Log*************************** RTP Start:‎02‎-‎15‎-‎2026 05:49:06 Last Perf:‎02‎-‎15‎-‎2026 05:49:05 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall_x64.exe C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\files C:\Users\Administrator\Downloads\InternetDownloadManager6.42Build3.c.taiwebs.com\Internet Download Manager 6.42 Build 3 Multilingual\Patch C:\Users\Administrator\Downloads\Office 2013-2024 C2R Install_Install Lite 7.7.7.5\OInstall.exe Ext Exclusions: Temp Exclusions: Worker Threads: AM:18 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,3,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,1,0 ProcExcl:0,1,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:281166 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:40354 AsyncQCurrent:0 BMFlags:1160 ServiceMaj:0 ServiceMin:0 NumInstance:6 TotalStreamCon:3601 NTFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:344039773 TotalHits:0 InstanceCacheInserts:15042 InstanceCacheUpdates:0 InstanceCacheDeletes:12690 InstanceCacheHits:1346 InstanceCacheMisses:977024 InstanceCacheOverflows:0 CSVFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Instance Cache Type:GenericTable): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 SyncProcessCreateDuration:-1ms (0/0) Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0 **************************END RTP Perf Log************************* 2026-02-16T02:48:45.592 [Engine] Loaded C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E5A35DD-CC60-4602-9D2C-2CDBF047E787} 2026-02-16T02:48:45.592 [Engine] Skip removing C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}, C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9}\mpasbase.vdm in use, hr=0x80070020 2026-02-16T02:48:45.593 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.593 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.593 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.593 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.593 MdCoreSvc is supported in this platform and OS Beginning quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Target: Flags:131074 Start time:02-16-2026 02:48:45 Finished quarantine recovery Quarantine ID:{00000000-0000-0000-0000-000000000000} Result:0 End time:02-16-2026 02:48:45 2026-02-16T02:48:45.597 MpPlatformKillbitsFromEngine (0x4000000) written, hr = 0 2026-02-16T02:48:45.597 MpPlatformKillbitsFromEngineEx (0x0) (0x0) written, hr = 0 2026-02-16T02:48:45.598 [NRI] Stopping NIS service ... 2026-02-16T02:48:45.598 Failed to retrieve config value from engine or configurations for config key (MdCpuSensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.598 Failed to retrieve config value from engine or configurations for config key (MdCrashSensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.598 Failed to retrieve config value from engine or configurations for config key (MdDiskSensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.598 Failed to retrieve config value from engine or configurations for config key (MdMemorySensorCollectionLag) hr = 0x8050800f 2026-02-16T02:48:45.598 MdCoreSvc is supported in this platform and OS Signature updated on 02-16-2026 02:48:45 Product Version: 4.18.26010.5 Service Version: 4.18.26010.5 Engine Version: 1.1.26010.1 AS Signature Version: 1.445.72.0 AV Signature Version: 1.445.72.0 ************************************************************ 2026-02-16T02:48:45.602 [Update] Performing ScanOnUpdate, GetConfigHr: 0x0, dwDisableScanOnUpdate: 0, passiveMode: 0, killbit: 0 2026-02-16T02:48:45.602 UpdateEngine finished with 0: Source: 1, szUpdateDirectory: C:\Windows\Temp\A22AEB10-C566-4DF7-8993-EB01937829474fbdc.1dc9eeea874eb46 2026-02-16T02:48:45.604 Process scan (postsignatureupdatescan) started. 2026-02-16T02:48:45.614 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-16T02:48:45.683 [TP] State change. FeatureAvialable: False, NewState: 0x2, OldState: 0x2, Scenario: Consumer, Source: Signatures, ConfigChange: Remove 2026-02-16T02:48:45.683 [TP] TP Enabled: 0, SecureConfigEnabled: 0, DisableTPExclusionBypass: 0, EnableTPExclusion via FC: 0, IsIntuneManagedDefender: 0, IsSCCMManagedDefender: 0, IsMDEAttachManagedDefender: 0, IsSCCMOnlyManagedDefender: 0, IsStrictPolicyModeEnabled: 0 (from snapshot: 0), Effective EnableTPExclusions: 0, Previous EnableTPExclusions: 0, Delayed call: 0 2026-02-16T02:48:45.788 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-16T02:48:45.788 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-16T02:48:45.788 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-16T02:48:45.788 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-16T02:48:45.788 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-16T02:48:45.959 [KSL] Entering CKSLEngine::EnableKSL. State: [3] 2026-02-16T02:48:45.959 [KSL] CKSLEngine::EnableKSL feature is already enabled. 2026-02-16T02:48:45.959 [KSL] Leaving CKSLEngine::EnableKsl(0). Signature updated via MicrosoftUpdateServer on 02-16-2026 02:48:46 ************************************************************ 2026-02-16T02:48:46.715 [Engine] Engine 00007FFB7AC5E190 no longer in use. Number of active engines: 1 2026-02-16T02:48:46.715 [RTP] [RTP] FilterCommunicator object 0x000002800EA85F20 StopCommunication (\MicrosoftMalwareProtectionPortWD, \MicrosoftMalwareProtectionVeryLowIoPortWD), threads: 8 normal, 2 very low, 0 alt, thread pool threads: 0 normal, 0 very low, 8 alt 2026-02-16T02:48:48.124 Job Notification: Process exited from job (327352) 2026-02-16T02:48:48.150 Job Notification: Process exited from job (323320) 2026-02-16T02:48:48.366 Job Notification: Process exited from job (325164) 2026-02-16T02:48:48.389 Job Notification: Process exited from job (327044) 2026-02-16T02:49:02.401 [Engine] RSIG_UNLOADENGINE, 00007FFB7AC5E190, err=0x0 2026-02-16T02:49:02.473 [Engine] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6E5F147-E2DC-4995-8677-0B614DE662A9} removed Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A355FB9, sigsha=3c28ee82ab3f56f4141657f4295ad06eea5e80a0, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E320BA841, sigsha=d301e64fc2d3c759849fad38b6dcbd1fbad4d9a5, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E99436E23, sigsha=539bae921a19250dfcb9aeabf43420451f66b909, cached=false, source=0, resourceid=0xa99e4425 Internal signature match:subtype=Lowfi, sigseq=0x0000157E6A355FB9, sigsha=3c28ee82ab3f56f4141657f4295ad06eea5e80a0, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E320BA841, sigsha=d301e64fc2d3c759849fad38b6dcbd1fbad4d9a5, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E99436E23, sigsha=539bae921a19250dfcb9aeabf43420451f66b909, cached=false, source=0, resourceid=0xad15f3e4 Internal signature match:subtype=Lowfi, sigseq=0x0000157E55A4A794, sigsha=0d6df75c878ae2057e5184c1c65cd97a922b0f0b, cached=false, source=0, resourceid=0xa865ed51 Internal signature match:subtype=Lowfi, sigseq=0x0000157E67AA49DF, sigsha=cd8f16a9d4beb15e15e36fc9a546c2d5bfbafd06, cached=false, source=0, resourceid=0x0d0ba041 2026-02-16T02:51:20.471 Process scan (postsignatureupdatescan) completed. 2026-02-16T02:53:44.571 [RbM] Setting Last known good engine candidate. hr = 0 2026-02-16T02:59:56.756 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T03:15:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T03:30:06.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T03:45:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T04:00:16.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T04:15:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T04:30:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T04:45:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T05:00:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T05:15:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T05:30:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T05:45:51.710 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T06:00:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T06:16:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T06:31:06.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T06:46:11.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T07:01:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T07:16:21.715 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T07:31:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T07:46:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T08:01:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T08:16:41.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T08:31:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T08:46:51.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T09:01:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T09:17:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T09:32:06.713 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T09:47:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T10:02:16.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T10:17:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T10:32:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T10:47:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T11:02:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T11:17:41.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T11:32:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T11:47:51.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T12:02:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T12:18:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T12:33:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T12:48:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T13:03:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T13:18:21.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T13:33:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T13:48:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T14:03:36.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T14:18:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T14:25:37.228 [AutoPurge] Verification Routine tasks have started.ApplyDefenderProcessTokenTrustLableAce succeeded to set. 2026-02-16T14:25:38.368 EnsureProtectedFolderAcls(), hr = 0x0 2026-02-16T14:25:38.409 [AutoPurge] MpReinforceServiceAcls: 0 2026-02-16T14:25:38.421 [AutoPurge] Readded platform files to MOAC after ACL enforcement. hr=0 2026-02-16T14:25:38.502 [AutoPurge] SendHeartbeatTelemetryIfDue failed. hr = 0x80508015 2026-02-16T14:25:38.516 [AutoPurge] Removing expired default signature package ... 2026-02-16T14:25:40.004 Job Notification: New process added to job (340016) 2026-02-16T14:25:45.296 Job Notification: Process exited from job (340016) 2026-02-16T14:25:45.427 [AutoPurge] Verification Routine tasks have ended. 2026-02-16T14:33:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T14:37:07.205 CheckProductDisabled(fWaitWSC: 0, fRemoveConfigs: 1) ... 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 2 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 4 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 8 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 16 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 1024 2026-02-16T14:37:07.299 [RTP] [RtpConfig] Config change detected, type: 2048 2026-02-16T14:37:07.299 [RTP] Setting DisableAsyncScanOnClose to 0 (hr=0). 2026-02-16T14:37:07.299 [RTP] Setting DisableAsyncScanOnOpen to 0 in wdfilter (hr=0). 2026-02-16T14:37:07.299 [RTP] Setting FilterExperimentMode to 0 (hr=0). 2026-02-16T14:37:07.413 [RTP] Setting DisableDriverUnload to 1 (hr=0). 2026-02-16T14:37:07.413 [RTP] Setting RegLinkHardeningMode to 1 (hr=0). 2026-02-16T14:37:07.426 [RTP] Setting TrustedInstallerHardeningExcludeFlags to 7 (hr=0). 2026-02-16T14:37:07.497 [RTP] Setting EfsHardeningFlags to 0 (hr=0). 2026-02-16T14:37:07.497 [RTP] PreventPagingFileAbuseKillbit[0]. 2026-02-16T14:37:07.497 [RTP] Setting PreventPagingFileAbuse to 0 (hr=0). 2026-02-16T14:37:07.540 [RTP] Setting DisableDynamicFsHardening to 0 (hr=0). 2026-02-16T14:37:07.540 [RTP] [RTP] LastAccessTimeSuppression for network files is enabled by configuration. 2026-02-16T14:37:07.591 [NRI] Stopping NIS service ... 2026-02-16T14:37:07.591 [RTP] [RtpConfig] Config change detected, type: 64 2026-02-16T14:37:07.592 [NRI] Stopping NIS service ... 2026-02-16T14:37:07.593 [NRI] Stopping NIS service ... 2026-02-16T14:37:07.593 [NRI] Stopping NIS service ... 2026-02-16T14:37:07.594 [NRI] Stopping NIS service ... 2026-02-16T14:37:09.803 [RTP] Duplicating the current plugin configuration object... 2026-02-16T14:37:09.803 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-16T14:37:09.803 [RTP] Updating plugin configuration due to recent config changes (0x43e) ... 2026-02-16T14:37:09.803 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-16T14:37:09.803 [RTP] Calling GenerateEngineConfigStruct (0x18) ... 2026-02-16T14:37:09.848 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x43e, Changed: 0x218 2026-02-16T14:48:51.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T15:03:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T15:19:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T15:34:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T15:49:11.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T16:04:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T16:19:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T16:34:26.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T16:49:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T17:04:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T17:19:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T17:34:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T17:49:51.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T18:04:56.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T18:20:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T18:35:06.702 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T18:50:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T19:05:16.715 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T19:20:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T19:35:26.698 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T19:50:31.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T20:05:36.703 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T20:20:41.699 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T20:35:46.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T20:50:51.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T21:05:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T21:21:01.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T21:36:06.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T21:51:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T22:06:16.700 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T22:21:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T22:36:26.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T22:51:31.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T23:06:36.704 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T23:21:41.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T23:36:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-16T23:51:51.713 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T00:06:56.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T00:22:01.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T00:37:06.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T00:52:11.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T01:07:16.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T01:22:21.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T01:37:26.701 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T01:52:31.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T02:07:36.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T02:22:41.696 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T02:37:46.697 [ESU] ESU heartbeat: ESU disabled (explicit EnableEmergencySigs config) 2026-02-17T02:47:06.697 [AutoPurge] AutoPurgeWorker triggered with dwWork=0x3 2026-02-17T02:47:06.734 Job Notification: New process added to job (374424) 2026-02-17T02:47:06.767 Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched 2026-02-17T02:47:06.768 Aggressive catchup quick scan threshold: 3226774143712 / 25920000000000 2026-02-17T02:47:06.796 Job Notification: New process added to job (379300) 2026-02-17T02:47:06.805 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:374424] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:379300]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-17T02:47:07.147 Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2026-02-17T02:47:07.147 Job Notification: New process added to job (376844) 2026-02-17T02:47:07.149 Job Notification: New process added to job (375480) 2026-02-17T02:47:07.167 [RTP] [Mini-filter] Denied OB operation OpenProcess[\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe][Pid:376844] from process [\Device\HarddiskVolume4\Windows\System32\conhost.exe][Pid:375480]. OriginalDesiredAccess: [0x1fffff] ResultingAccess: [0x1ff7d4] 2026-02-17T02:47:07.272 [RTP] [RtpConfig] Config change detected, type: 32 2026-02-17T02:47:07.272 [RTP] Duplicating the current plugin configuration object... 2026-02-17T02:47:07.272 [RTP] CCMPluginConfiguration::Duplicate() - no GenerateEngineEngineConfigStruct ... 2026-02-17T02:47:07.272 [RTP] Updating plugin configuration due to recent config changes (0x20) ... 2026-02-17T02:47:07.272 [RTP] OS Copy Accelerator feature is: 0 (0:Disabled, 1:Enabled) 2026-02-17T02:47:07.272 [RTP] No config change detected. Not updating plugin configuration. 2026-02-17T02:47:07.272 [RTP] No config changes found. No configuration switch. 2026-02-17T02:47:07.272 [RTP] RefreshPluginConfiguration completed successfully. Requested: 0x20, Changed: 0 2026-02-17T02:48:08.400 UpdateEngine start: Source: 1, szUpdateDirectory: C:\Windows\Temp\A715264A-EE39-46C8-AA9B-E76C297DB45C5ca04.1dc9fb7d2ea9801 2026-02-17T02:48:08.695 Verifying engine and signature files (source: 0) ... 2026-02-17T02:48:08.695 Skipped verification of [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E404ED-443F-4093-A41E-30841A7DE883}\mpengine.dll] due to PPL. 2026-02-17T02:48:08.695 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E404ED-443F-4093-A41E-30841A7DE883}\mpasbase.vdm] (file in cache) 2026-02-17T02:48:08.695 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E404ED-443F-4093-A41E-30841A7DE883}\mpasdlta.vdm]. File not in cache (0x1) 2026-02-17T02:48:08.730 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E404ED-443F-4093-A41E-30841A7DE883}\mpasdlta.vdm] 2026-02-17T02:48:08.730 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E404ED-443F-4093-A41E-30841A7DE883}\mpavbase.vdm] (file in cache) 2026-02-17T02:48:08.730 MpCacheManagerIsTrustedFile [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E404ED-443F-4093-A41E-30841A7DE883}\mpavdlta.vdm]. File not in cache (0x1) 2026-02-17T02:48:08.738 Verified [C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10E404ED-443F-4093-A41E-30841A7DE883}\mpavdlta.vdm] 2026-02-17T02:48:09.292 [Engine] IsHybridMode: 0 2026-02-17T02:48:09.304 [KSL]KSL(1.1.25111.3024) Is available via CAMP. KslDevice : KslD 2026-02-17T02:48:09.443 Database:Can't find offline cache cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-05C7E8F8C19432B156EFF7F6C437B9984468C477.bin): 0x00000002 2026-02-17T02:48:09.453 Database:Creating offline cache (C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-05C7E8F8C19432B156EFF7F6C437B9984468C477.bin) 2026-02-17T02:48:09.453 Database:Product:1, ProductVersion:5, Platform:6, PlatformVersion:19, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0 2026-02-17T02:48:09.453 Database:IsEmbedded: 0, IsIEVEnabled: 0, IsServerSku: 1, IsRsdhSku: 1, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMsSense: 0, IsImmune: 0, IsMba: 0, IsPus: 0, IsManaged: 0, IsSmode: 0 2026-02-17T02:48:09.453 Database:IsAutoSubmit:0, IsPusRem:0, LoadedAS:1, LoadedAV:1, LoadedInternal: 0, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0, IsWCOS: 0, IsInsideContainer: 0, IsHybridMode: 0 2026-02-17T02:48:09.453 Database:kLCID:1033, kOsVersion:655360, kProcessorArch:9, dwIsTest:0, kOOsVersion:655360, kOsSP:0, kOsBld:17763, dwPvpRing=0xffffffff IDynamicConfig::ReportError value=BruteForceProtectionIPExclusion hr=0x8007007b IDynamicConfig::ReportError value=BruteForceProtectionStatus hr=0x8007007b IDynamicConfig::ReportError value=DisableGradualRelease hr=0x8007007b IDynamicConfig::ReportError value=EnableFileHashComputation hr=0x8007007b IDynamicConfig::ReportError value=MpBafsExtendedTimeout hr=0x8007000d IDynamicConfig::ReportError value=MpCampRingThrottled hr=0x8007007b IDynamicConfig::ReportError value=MpCloudBlockLevel hr=0x8007000d IDynamicConfig::ReportError value=MpEngineRingThrottled hr=0x8007007b 2026-02-17T02:50:57.966 Geo ID not found using standard default set: :SOAP:https://wdcp.microsoft.com/WdCpSrvc.asmx 2026-02-17T02:50:57.986 [AutoExclusion] Applied roles from cache. 2026-02-17T02:50:57.986 [AutoExclusion] Started roles monitoring. 2026-02-17T02:50:58.720 [Engine] RSIG_ENGINE_PRE_SHUTDOWN, 0x00007FFB79BCE190, lRefCount: 5, hr=0 2026-02-17T02:50:58.737 [Engine] New active engine 00007FFB7AC5E190 replacing engine 00007FFB79BCE190. Number of active engines: 2 2026-02-17T02:50:58.880 EngineInit:Global ASOC is enabled 2026-02-17T02:50:58.880 EngineInit:ASOO is enabled for developer volumes 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Block use of copied or impersonated system tools", State=5, Action=0, Type=9, Duplicates(Interval=288000000000, scope=0x100) 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)", State=5, Action=7, Type=1, Duplicates(Interval=288000000000, scope=0x380) 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from injecting code into other processes", State=5, Action=2, Type=24, Duplicates(Interval=144000000000, scope=0x380) 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Controlled folder access", State=0, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Block untrusted and unsigned processes that run from USB", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Block Adobe Reader from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.556 Engine-HIPS:Loaded ASR vdm rule "Block Office applications from creating executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block Webshell creation for Servers", State=5, Action=0, Type=1, Duplicates(Interval=0, scope=0x0) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block Office communication application from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block abuse of in-the-wild exploited vulnerable signed drivers", State=5, Action=0, Type=1, Duplicates(Interval=36000000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block all Office applications from creating child processes", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Use advanced protection against ransomware", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block Process Creations originating from PSExec & WMI commands", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block Launching of executable content from email attachment", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block JavaScript or VBScript from launching downloaded executable content", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block persistence through WMI event subscription", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block rebooting machine in Safe Mode", State=5, Action=1, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.565 Engine-HIPS:Loaded ASR vdm rule "Block execution of potentially obfuscated scripts", State=5, Action=0, Type=1, Duplicates(Interval=1200000000, scope=0x100) 2026-02-17T02:50:59.606 MpWriteUupSignatureVersion 1.445.94.0, hr = 0 2026-02-17T02:50:59.626 ForceSyncMoacInsertion config from engine is 0, hr = 0x0 2026-02-17T02:50:59.691 [HybridMode] HybridMode change notification isHybridModePolicyEnabled: 0, isVerifiedAndReputableTrustModeEnabled: 0 2026-02-17T02:50:59.691 Hybrid mode change notification called, no change detected in verified and reputable trust mode (0 -> 0)! 2026-02-17T02:50:59.691 Hybrid mode change notification called, no change detected in Hybrid mode (0 -> 0)! 2026-02-17T02:50:59.691 [RTP] [Mini-filter] MpFC: MpFC_Kernel_HardenUxProcesses=0;MpFC_Kernel_SystemIoRequestWorkOnBehalfOf=0x1;MpFC_Kernel_PreventBindfltAbuse=0x1;MpFC_Kernel_ParentProcessObHardeningAllow=0;MpFC_Kernel_ReduceOfficeInjectRuleFP=0x1;MPC_Kernel_CheckValidityOfProcessFilterFlagsInASR=0x1;MpFc_Kernel_UseLowPrioThreadsForAsyncScans=0x1;MpFc_Kernel_DisableFileDirtyLogic=0;MpFC_Kernel_DisableDLPPort=0x1;MpFC_Kernel_DlpFeatures=0;MpFC_Kernel_EnableFolderGuardOnPostCreate=0x1;MpFC_Kernel_StrictTiChildrenMatch=0;MpFC_Kernel_PPLReduxMitigationFlags=0x3;MpFc_Kernel_UseLowPriAsyncScansDevDrvOnly=0x1;MpFc_Kernel_DisableOfficeInjectUevSuppression=0x1;MpFc_Kernel_CopyChunkFileHintMask=0;MpFc_Kernel_DisableScanOnCloseForNetworkFiles=0x1;MpFc_Kernel_MaxAsyncWorkQueue=0x400;MpFc_Kernel_DlpIgnoreSystemFolder=0x1;MpFc_Kernel_DlpPassThroughMode=0;MpFc_Kernel_L2StateCache_DefaultStreamsOnly=0x1;MpFc_Kernel_L2StateCache_SupportGenericFileState=0x1;MpFc_Kernel_CryptSvcPreScanFilter=0x1;MpFc_Kernel_SystemPreScanFilter=0x1;MpFC_Kernel_CheckValidit