Computer name      ATW-D00168     
Computer description           
Operating system      Windows 10     
Service pack           
Domain/workgroup      ATTWOODCAMBODIA     
IP address      192.168.1.157     
Sophos Anti-Virus version      10.7.2 VE3.69.2     
HIPS rules      10.3.221.1     
HIPS configuration      1.0.65.1     
Detection data      5.42     
On-access scanning      Active     
Anti-virus and HIPS policy      Same as policy     
Last scheduled scan completed      6/22/2017 12:12:39 PM (Scan my computer)     
Last message received from computer      8/18/2017 8:17:27 AM     
Last logged on user      ATTWOODCAMBODIA\khieu.sophoan     
Up to date      Yes     
Updating policy      Same as policy     
Time installed package became available      8/3/2017 6:30:46 PM     
Time next package became available           
Primary update server      \\TERMINAL2\SophosUpdate\CIDs\S006\SAVSCFXP\     
Secondary update server           
Exploit prevention status      Inactive     
Exploit prevention policy compliance      Same as policy     
Exploit prevention agent version      3.6.3.583     
Client firewall enabled      No     
Client firewall policy      Same as policy     
Client firewall version      3.0.4     
Client firewall mode      Block by default     
Application control policy      Same as policy     
Application control on-access scanning      Active     
Data control scanning status      Active     
Device control scanning status      Inactive     
Data control policy compliance      Same as policy     
Device control policy compliance      Same as policy     
Tamper protection status      Inactive     
Tamper protection policy compliance      Same as policy     
Patch assessment      Active     
Patch policy      Same as policy     
Patch agent version      1.0.311.1     
Web control status      Active     
Web control policy      Same as policy     
Group      \Global Group\Computers     
 
Outstanding alerts and errors     
 
Client firewall status     
Date/time      Code      Description     
8/13/2017 1:49:30 AM      e0140002      Event Decode Unavailable (Event Number: "-535560190" Message Code: "" Inserts: "80320012", "", "", "", "")     
 
Sophos AutoUpdate status     
Date/time      Code      Description     
8/18/2017 8:17:41 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S006\OPMHMPA     
 
Latest application control events     
 
Date/time      User      Application name      Application type     
8/17/2017 10:01:01 AM      ATTWOODCAMBODIA\khieu.sophoan      Windows Store      Download manager     
8/12/2017 11:51:55 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
8/12/2017 7:55:03 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
8/11/2017 3:01:21 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
8/7/2017 12:20:42 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
8/5/2017 8:02:13 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
8/3/2017 7:52:34 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
7/31/2017 5:31:33 PM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
7/29/2017 4:37:32 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
7/26/2017 9:28:35 AM      ATTWOODCAMBODIA\khieu.sophoan      Internet Download Manager      Download manager     
 
Latest firewall events     
 
Date/time      Event type      File name      File version      Direction      Protocol      File checksum      Remote port      Remote address      Launching process     
3/29/2017 5:37:43 PM      No application rule      Skype.exe      7.33.0.105      Outbound      UDP      e4203b7b3d3434fe280770e0f95e3810      40014      64.4.23.174           
3/29/2017 5:37:10 PM      No application rule      Skype.exe      7.33.0.105      Outbound      UDP      e4203b7b3d3434fe280770e0f95e3810      40003      111.221.77.160           
3/29/2017 5:36:46 PM      No application rule      LINE.exe      5.0.1.1394      Outbound      UDP      450bdea745e55f8301c68b445ab28c30      11662      103.2.31.99           
3/29/2017 5:36:46 PM      No application rule      LINE.exe      5.0.1.1394      Outbound      UDP      450bdea745e55f8301c68b445ab28c30      13707      103.2.31.99           
3/29/2017 5:36:46 PM      No application rule      LINE.exe      5.0.1.1394      Outbound      UDP      450bdea745e55f8301c68b445ab28c30      10471      103.2.31.99           
3/29/2017 5:36:46 PM      No application rule      LINE.exe      5.0.1.1394      Outbound      UDP      450bdea745e55f8301c68b445ab28c30      11000      103.2.31.5           
3/29/2017 5:36:29 PM      No application rule      Skype.exe      7.33.0.105      Outbound      UDP      e4203b7b3d3434fe280770e0f95e3810      47007      192.168.1.128           
3/29/2017 5:36:26 PM      No application rule      OUTLOOK.EXE      16.0.7766.2060      Outbound      TCP      456eaf3e33c5d127bab45fa324fea1d6      443      40.76.12.4           
3/29/2017 5:36:06 PM      No application rule      Skype.exe      7.33.0.105      Outbound      UDP      e4203b7b3d3434fe280770e0f95e3810      40028      111.221.77.169           
3/29/2017 5:34:48 PM      No application rule      chrome.exe      56.0.2924.87      Outbound      UDP      642d464f0ede1b3c81bc20c3e3a3ecc6      443      216.58.196.42           
 
Latest web events     
 
Date/time      User      URL      Action      Reason      Referring URL      Reference ID     
8/18/2017 7:55:17 AM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Proceed      Alcohol & Tobacco      attwoodcambodia.com           
8/18/2017 7:54:49 AM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Warn      Alcohol & Tobacco                 
8/17/2017 2:02:04 PM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Proceed      Alcohol & Tobacco      attwoodcambodia.com           
8/17/2017 2:01:59 PM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Warn      Alcohol & Tobacco      attwoodcambodia.com           
8/17/2017 12:06:05 PM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Proceed      Alcohol & Tobacco      attwoodcambodia.com           
8/17/2017 12:06:03 PM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Warn      Alcohol & Tobacco                 
8/17/2017 8:56:43 AM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Proceed      Alcohol & Tobacco      attwoodcambodia.com           
8/17/2017 8:56:42 AM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Warn      Alcohol & Tobacco      attwoodcambodia.com           
8/17/2017 7:59:01 AM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Proceed      Alcohol & Tobacco      attwoodcambodia.com           
8/17/2017 7:58:59 AM      ATTWOODCAMBODIA\khieu.sophoan      attwoodcambodia.com      Warn      Alcohol & Tobacco      attwoodcambodia.com           
 
History     
 
Items detected     
Date/time      Type      Name      Sub-type      Details      Reference      Action taken      Username     
8/17/2017 3:26:42 PM      Adware or PUA      Windows 7 Loader      Hacking tool      I:\phay\windows\window 7\Windows 7 ACTIVATION\Windows 7 Activation.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Registry Cleaner      Other      I:\AIE-Airport\data-file;attwood\Downloads\rcpsetup_softonic_englobal.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      OpenCandy      Other      I:\phay\driver\Tools\OCSetupHlp.dll            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      MailPassView      Hacking tool      I:\phay\11-Mail password\11-Mail password\mailpv.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      KMS Activator      Other      I:\phay\KMS_Pico7.1 - jadibacaan\KMS_Pico7.1\KMSpico OEM\$OEM$\$$\Setup\Scripts\KMSpico.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Keygen      Hacking tool      I:\Sokhom_Document_2016-08-31\Soft\GDB for NTFS v 3.63\keygen\keygen.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Install Monster      Other      I:\SOTHY_DOC\USER_document\Downloads\MS Office 2010 Crack Product Serial Key Free Download.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Install Core Installer      Other      I:\Sokhom_Document_2016-08-31\Soft\teamviewer.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic PUA LC      Other      I:\SECRETARY FOLDER\Former Executive Secretary\COMPUTER FILE\Old\BK\New folder\Downloads\LphantV7.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic PUA JK      Other      I:\phay\KMS_Pico7.1 - jadibacaan\KMS_Pico7.1\KMSpico Install\KMSpico_Install_v7.1.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic PUA IH      Other      C:\Users\khieu.sophoan\Downloads\adobe_flash_setup_3648696942.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic PUA HI      Other      H:\AIE-IT\Software\FreeScreenVideoRecorder_3.0.42.721_o.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic PUA HA      Other      I:\phay\KMS_Pico7.1 - jadibacaan\KMS_Pico7.1\KMSpico Only Service\Service_KMS.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic PUA EF      Other      I:\SOTHY_DOC\Software\Microsoft Office Professional Plus 2016 + Activation Tool [danhuk]\Disc Image\Office_2016_x86_x64_EN_16.0.6769.2040\OInstall.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic PUA DJ      Other      I:\Molika_Chine Document\Desktop\Recycle Bin\SimBundD.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Generic Patcher      Hacking tool      I:\Sokhom_Document_2016-08-31\Soft\Adobe Acrobat XI Pro 11.0.7 Multilanguage [ChingLiu]\patch MPT\adobe.acrobat.xi.pro.patch-MPT.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      CrackTool      Hacking tool      I:\phay\Quicken QuickBooks 2009\2009 Intuit.QuickBooks.Activator.0.1.Build.34-BEAST\QBRegCrack.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Corel Painter Keygen      Hacking tool      I:\Sokhom_Document_2016-08-31\Soft\Corel DRAW 13\EGY\keygen.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Alot Toolbar Installer      Adware      I:\Vannvuth\Old\vichet.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
8/17/2017 3:26:42 PM      Adware or PUA      Adobe PhotoShop KeyGen      Hacking tool      I:\Vannvuth\Soft\Photoshop CS2\Crack\keygen.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan     
7/31/2017 5:42:09 PM      Adware or PUA      Generic PUA IH      Other      C:\Users\khieu.sophoan\Downloads\adobe_flash_setup_3648696942.exe            Blocked      ATTWOODCAMBODIA\khieu.sophoan     
7/24/2017 12:09:19 PM      Virus/spyware      Mal/Bundpil-LNK                        Threat no longer present      NT AUTHORITY\SYSTEM     
7/24/2017 12:09:19 PM      Virus/spyware      VBS/Agent-AULB            I:\dem.vbs            Cleaned up      NT AUTHORITY\SYSTEM     
7/24/2017 12:08:57 PM      Virus/spyware      Mal/Bundpil-LNK            I:\WIN7_SP1_32 (8GB).lnk            Cleaned up      NT AUTHORITY\SYSTEM     
7/24/2017 12:08:19 PM      Virus/spyware      VBS/Agent-AULB            I:\dem.vbs            Blocked      ATTWOODCAMBODIA\khieu.sophoan     
7/24/2017 12:08:15 PM      Virus/spyware      Mal/Bundpil-LNK            I:\WIN7_SP1_32 (8GB).lnk            Blocked      ATTWOODCAMBODIA\khieu.sophoan     
7/20/2017 1:34:27 PM      Adware or PUA      Generic PUA HI      Other      H:\AIE-IT\Software\FreeScreenVideoRecorder_3.0.42.721_o.exe            Blocked      ATTWOODCAMBODIA\khieu.sophoan     
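
The status block at the top of this report (firewall off, exploit prevention, tamper protection and device control inactive) and the "Items detected" history above (nineteen PUA and hacking-tool detections, including MailPassView and several keygens, all "Removed from quarantine list" by the same user in the same second, plus Mal/Bundpil-LNK and VBS/Agent-AULB on the I: volume) are the two things a responder would pull out of an export like this. The script below is an added example, not part of the report and not Sophos tooling: it parses both sections in the export's own flattened layout and returns those findings. It assumes columns are separated by runs of two or more spaces (empty columns simply collapse, which is why sub-type and path are identified by content rather than position), that drive letters D: and above are non-system volumes, and that three or more quarantine releases in one second count as a bulk release; the sample rows are copied from the report.

```python
"""Triage checks over a Sophos Enterprise Console computer-details export.

Added example (not part of the original report or of Sophos's tooling).
Parses the key/value status block and the "Items detected" rows in the
export's flattened layout and raises the findings a responder wants:
protections that are off, PUA/hacking-tool detections bulk-released from
quarantine by one user, and malware found on non-system volumes.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: a subset of rows copied from the report.
STATUS_TEXT = """\
Computer name      ATW-D00168
On-access scanning      Active
Exploit prevention status      Inactive
Client firewall enabled      No
Device control scanning status      Inactive
Tamper protection status      Inactive
"""

DETECTIONS_TEXT = r"""
8/17/2017 3:26:42 PM      Adware or PUA      MailPassView      Hacking tool      I:\phay\11-Mail password\11-Mail password\mailpv.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan
8/17/2017 3:26:42 PM      Adware or PUA      KMS Activator      Other      I:\phay\KMS_Pico7.1 - jadibacaan\KMS_Pico7.1\KMSpico OEM\$OEM$\$$\Setup\Scripts\KMSpico.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan
8/17/2017 3:26:42 PM      Adware or PUA      Keygen      Hacking tool      I:\Sokhom_Document_2016-08-31\Soft\GDB for NTFS v 3.63\keygen\keygen.exe            Removed from quarantine list      ATTWOODCAMBODIA\khieu.sophoan
7/31/2017 5:42:09 PM      Adware or PUA      Generic PUA IH      Other      C:\Users\khieu.sophoan\Downloads\adobe_flash_setup_3648696942.exe            Blocked      ATTWOODCAMBODIA\khieu.sophoan
7/24/2017 12:09:19 PM      Virus/spyware      VBS/Agent-AULB            I:\dem.vbs            Cleaned up      NT AUTHORITY\SYSTEM
7/24/2017 12:08:57 PM      Virus/spyware      Mal/Bundpil-LNK            I:\WIN7_SP1_32 (8GB).lnk            Cleaned up      NT AUTHORITY\SYSTEM
"""

SEP = re.compile(r"\s{2,}")            # assumption: columns = runs of 2+ spaces
PATH = re.compile(r"^[A-Za-z]:\\")     # a Windows path in the Details column
NON_SYSTEM = re.compile(r"^[D-Zd-z]:\\")  # assumption: D: and above are not C:

# Status fields whose value here means a protection is off.
PROTECTIONS_OFF = {
    "Client firewall enabled": "No",
    "Exploit prevention status": "Inactive",
    "Tamper protection status": "Inactive",
    "Device control scanning status": "Inactive",
}


def parse_status(text):
    """Key/value status block -> dict, splitting once on the column gap."""
    status = {}
    for line in text.splitlines():
        parts = SEP.split(line.strip(), maxsplit=1)
        if len(parts) == 2:
            status[parts[0]] = parts[1]
    return status


def parse_detection(line):
    """One 'Items detected' row -> dict. Empty columns collapse in the
    export, so only the first three and last two fields are positional;
    the middle fields are classed as path (drive-letter prefix) or sub-type."""
    f = SEP.split(line.strip())
    if len(f) < 5:
        raise ValueError(f"not a detection row: {line!r}")
    rec = {
        "time": datetime.strptime(f[0], "%m/%d/%Y %I:%M:%S %p"),
        "type": f[1], "name": f[2], "action": f[-2], "user": f[-1],
        "subtype": "", "path": "",
    }
    for field in f[3:-2]:
        rec["path" if PATH.match(field) else "subtype"] = field
    return rec


def parse_detections(text):
    return [parse_detection(l) for l in text.splitlines() if l.strip()]


def check_status(status):
    """Protections reported as disabled or inactive."""
    return [f"{k} = {v}" for k, v in PROTECTIONS_OFF.items() if status.get(k) == v]


def check_detections(records, min_bulk=3):
    """Malware on non-system volumes, and bulk quarantine releases
    (same user, same timestamp, >= min_bulk rows)."""
    findings = []
    released = defaultdict(list)
    for r in records:
        if r["action"] == "Removed from quarantine list":
            released[(r["user"], r["time"])].append(r)
        if r["type"] == "Virus/spyware" and NON_SYSTEM.match(r["path"]):
            findings.append(f"malware on non-system volume: {r['name']} "
                            f"at {r['path']} ({r['action']})")
    for (user, when), rows in released.items():
        if len(rows) >= min_bulk:
            tools = sorted({r["name"] for r in rows if r["subtype"] == "Hacking tool"})
            findings.append(f"{user} released {len(rows)} items from quarantine at "
                            f"{when:%Y-%m-%d %H:%M:%S}; hacking tools: "
                            f"{', '.join(tools) or 'none'}")
    return findings


def triage(status_text=STATUS_TEXT, detections_text=DETECTIONS_TEXT):
    return check_status(parse_status(status_text)) + \
        check_detections(parse_detections(detections_text))


if __name__ == "__main__":
    for finding in triage():
        print(finding)
```

Run as-is it reports the four disabled protections, the two Virus/spyware hits on I:, and the one-second release of three items (two of them hacking tools) by ATTWOODCAMBODIA\khieu.sophoan. The same user appears as "Last logged on user", so the release was done at the endpoint, which is what the inactive tamper protection and missing firewall make possible; the bulk-release rule is the check worth carrying into whatever SIEM ingests these exports.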
 
Client firewall status     
Date/time      Code      Description     
8/13/2017 1:49:30 AM      e0140002      Event Decode Unavailable (Event Number: "-535560190" Message Code: "" Inserts: "80320012", "", "", "", "")     
 
Sophos AutoUpdate status     
Date/time      Code      Description     
8/18/2017 8:17:41 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S006\OPMHMPA     
8/17/2017 3:09:58 PM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S006\OPMHMPA     
8/16/2017 5:20:23 PM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/15/2017 4:08:03 PM      00000071      ERROR: Could not find a source for updated packages     
8/15/2017 2:39:18 PM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/15/2017 2:18:12 PM      00000071      ERROR: Could not find a source for updated packages     
8/15/2017 2:18:12 PM      00000071      ERROR: Could not find a source for updated packages     
8/14/2017 11:59:36 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/12/2017 11:53:33 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/12/2017 7:55:32 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/12/2017 7:46:31 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/11/2017 10:44:09 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/11/2017 10:34:20 AM      00000071      ERROR: Could not find a source for updated packages     
8/11/2017 10:34:20 AM      00000071      ERROR: Could not find a source for updated packages     
8/10/2017 7:18:27 PM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/6/2017 2:07:31 AM      0000006b      Download of Sophos Clean failed from server \\TERMINAL2\SophosUpdate\CIDs\S000\OPMHMPA     
8/5/2017 10:35:15 AM      00000071      ERROR: Could not find a source for updated packages     
 
IDEs installed     
 
adwi-aqu.ide      adwi-atr.ide      age-awqx.ide      age-awrr.ide      age-awrs.ide     
age-awsn.ide      age-awsq.ide      age-awtu.ide      age-awvb.ide      age-awvf.ide     
age-awvn.ide      age-awvp.ide      age-awvq.ide      andro-sv.ide      auto-cav.ide     
auto-cbl.ide      bank-gtv.ide      bank-gtw.ide      bank-guc.ide      banl-cqt.ide     
banl-cqz.ide      banl-cra.ide      bckd-rvb.ide      blada-ey.ide      blada-fa.ide     
burst-dv.ide      cerb-ani.ide      cerb-ans.ide      cerbe-aa.ide      chisb-sh.ide     
chisb-sk.ide      darkc-fq.ide      darkc-fs.ide      decep-ak.ide      decep-am.ide     
decep-as.ide      delf-gcv.ide      docd-jlm.ide      docd-jly.ide      docd-jmc.ide     
docd-jmz.ide      docd-jow.ide      docd-jql.ide      docd-jqt.ide      docd-jqu.ide     
docd-jqv.ide      docd-jre.ide      docd-jrm.ide      docd-jsp.ide      docd-jst.ide     
docd-jta.ide      docd-jte.ide      docd-jtq.ide      docd-jue.ide      docd-juj.ide     
docd-jvb.ide      docd-jwu.ide      docd-jwx.ide      docd-jxt.ide      docd-jyz.ide     
dofoi-fr.ide      dride-yo.ide      dride-ys.ide      dwnl-tyo.ide      dwnl-ucz.ide     
emoge-co.ide      emote-cg.ide      emote-ci.ide      emote-ck.ide      emote-cr.ide     
emote-dd.ide      emote-dm.ide      emote-du.ide      emote-ea.ide      emotme-a.ide     
fantom-c.ide      fantom-f.ide      fare-dgg.ide      fare-dgn.ide      fare-dgy.ide     
fare-dhr.ide      fare-dhz.ide      fare-dia.ide      fare-dic.ide      fare-did.ide     
fare-dif.ide      fare-diu.ide      fare-div.ide      fare-dkg.ide      fare-dko.ide     
fare-dkt.ide      fare-dlq.ide      fare-dls.ide      fare-dlt.ide      fare-dme.ide     
fare-dmj.ide      fare-dml.ide      fare-dmw.ide      filfro-a.ide      fynlo-ao.ide     
google-a.ide      gozi-iw.ide      gozi-iy.ide      gozi-jh.ide      gozi-jj.ide     
html-bz.ide      htmld-fk.ide      htmldl-j.ide      inje-cqk.ide      inje-crr.ide     
inje-crz.ide      injec-si.ide      injec-ta.ide      injec-tk.ide      jsdld-xc.ide     
kelih-bp.ide      konni-c.ide      kovte-hh.ide      kovte-hj.ide      kovte-hk.ide     
lethi-bv.ide      lethi-bw.ide      limit-pu.ide      limit-px.ide      locky-zx.ide     
malra-aw.ide      mdro-hyi.ide      mdro-hyk.ide      mdro-hyr.ide      miner-cp.ide     
miner-cr.ide      miner-cu.ide      msil-jzo.ide      msil-kar.ide      msil-kas.ide     
msil-kat.ide      msil-kau.ide      msil-kax.ide      msil-kbj.ide      msil-kbk.ide     
msil-kbm.ide      msil-kbn.ide      msil-kbz.ide      msil-kco.ide      msil-kcq.ide     
msil-kcr.ide      msil-kct.ide      msil-kcu.ide      msil-kdz.ide      msil-kea.ide     
msil-ken.ide      msil-ket.ide      msili-ob.ide      msilkl-c.ide      nanoc-qr.ide     
netwi-lx.ide      netwi-ly.ide      neutri-b.ide      nymai-fo.ide      nymai-ft.ide     
nymai-gb.ide      nymai-gf.ide      nymai-gj.ide      nymai-gk.ide      nymai-gp.ide     
omanea-h.ide      pdfdoc-q.ide      pdfdw-aq.ide      pdfdwn-f.ide      pdfj-ajn.ide     
pdfu-buw.ide      pdfu-bvi.ide      pdfu-bvm.ide      pdfu-bxi.ide      pdfu-bxj.ide     
pdfu-bxo.ide      pdfu-byp.ide      pdfu-bzg.ide      pdfu-cbu.ide      pdfu-cbx.ide     
pdfu-cci.ide      pdfu-cei.ide      pdfu-cel.ide      pdfu-cgf.ide      pdfu-cgg.ide     
pdfu-cgh.ide      pdfu-cic.ide      pdfu-cij.ide      pdfu-cjn.ide      pdfu-ckc.ide     
pdfu-ckz.ide      petya-bh.ide      petya-bi.ide      petya-bk.ide      petya-bl.ide     
petya-bn.ide      phis-ape.ide      phis-apg.ide      phis-apx.ide      phis-apz.ide     
phis-arn.ide      phis-aro.ide      phis-arp.ide      phis-arq.ide      phis-ato.ide     
phis-aty.ide      phis-aue.ide      phis-aum.ide      phis-auv.ide      phis-avs.ide     
phis-avt.ide      phis-awf.ide      proci-ae.ide      pws-cja.ide      qakbo-ck.ide     
qbot-dm.ide      rans-eob.ide      rans-eom.ide      rans-eot.ide      rans-eou.ide     
rans-eov.ide      rans-eow.ide      rans-eoy.ide      rans-epb.ide      rans-epl.ide     
rans-epn.ide      rans-epo.ide      rans-epu.ide      rans-epv.ide      recam-l.ide     
recam-r.ide      rtfex-ec.ide      shifu-e.ide      shiot-cb.ide      shiot-cc.ide     
shiot-ce.ide      spy-amg.ide      spy-ami.ide      spy-amj.ide      spy-amk.ide     
talmad-c.ide      trickb-c.ide      trickb-d.ide      trickb-q.ide      trickb-x.ide     
trickb-y.ide      trikbo-c.ide      trikbo-d.ide      vb-jnq.ide      vbsdl-am.ide     
vortex-c.ide      waucho-m.ide      wont-aba.ide      wont-abn.ide      zbot-lsz.ide     
zbot-ltd.ide      zbot-lte.ide      zbot-ltf.ide      zbot-lth.ide           
 
Total      259