Software: Microsoft-IIS/10.0. PHP/7.4.33 uname -a: Windows NT LAKE 10.0 build 20348 (Windows Server 2016) AMD64 IWPD_801(traduongco) Safe-mode: OFF (not secure) C:\ProgramData\Bitdefender\Endpoint Security\Logs\appctrl\ drwxrwxrwx | |
========================== EVENTS STARTED ==========================
{
"type": "inventory_started",
"details": 0,
"datetime": "2024\/11\/16 13:28:46"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 8436,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 10664,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 4088,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 18824,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 30988,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 14008,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 22496,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 23888,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 17936,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 1136,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 20784,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 38452,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 16160,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 37356,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 6224,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 38232,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19960,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 37964,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 3344,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 30820,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 4552,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 14744,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19720,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "inventory_finished",
"details": 0,
"datetime": "2024\/11\/16 13:28:46",
"elapsed": 34133,
"volumes": 3,
"total_files": 1712191,
"pe_files": 83563,
"unique_pe_files": 50244,
"signed_pe_files": 28837,
"stopped": false
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 31876,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 25172,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 36316,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 9436,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 20328,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 12488,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 22120,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 20396,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 32472,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19344,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 17008,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 9296,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 15776,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 11756,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 37632,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 27580,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 21688,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 34924,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 41232,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 23636,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 33364,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 15952,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19340,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 37700,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 32868,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 17992,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 38100,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 18172,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 22132,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 16844,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 20332,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 14724,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 24876,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 18052,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 18024,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 16936,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 33332,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 14504,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 12108,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 3980,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 38980,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 39880,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 27488,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 36392,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 25048,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 11032,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 9052,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 28616,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 30312,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 34348,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 13740,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 1216,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 4492,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 40160,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 32880,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 41940,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 39772,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 4476,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 12948,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 11136,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 23772,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 34408,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 18228,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 18312,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 30832,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 42844,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipmf428b673-64b8-4e52-9287-b46a5f63e156 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 7216,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 24004,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 21524,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 1500,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 32680,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 10740,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 28428,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 40252,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 26716,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 11940,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 42788,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 32580,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 12104,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 29860,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19692,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 37504,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 21780,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 39172,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 27888,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 16732,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 28896,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 25812,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 38436,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 28768,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 14344,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 9184,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 18968,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 10644,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 7588,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 42180,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 30460,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 17444,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 42240,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 10540,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 30920,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 15332,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 34800,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 12632,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 13548,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 39264,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 33128,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 17716,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 36904,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 12460,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 17960,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 34148,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 41728,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 10880,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19068,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 16776,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 37876,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 27148,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 17572,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 38292,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 16072,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 40996,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 39516,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 7172,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 40456,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 7564,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 20068,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 30172,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 23996,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 20828,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 35300,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 42672,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 9852,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 21308,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 27704,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 41916,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 7200,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 33492,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19688,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 14052,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 25252,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 39968,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 21444,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "app",
"details": 0,
"matched": false,
"category_id": 0,
"group_id": 0,
"rule_id": 0,
"inherited": false,
"action_result": "deny",
"status": "production",
"file_path": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe",
"cmd_line": "D:\\vhosts\\nesenmitsu.vn\\httpdocs\\Nop.Web.exe ",
"pid": 19144,
"parents":
[
{
"path": "C:\\Windows\\SysWOW64\\inetsrv\\w3wp.exe",
"cmd_line": "C:\\WINDOWS\\SysWOW64\\inetsrv\\w3wp.exe -ap \"plesk(default)(2.0)(pool)\" -v \"v2.0\" -l \"webengine4.dll\" -a \\\\.\\pipe\\iisipm55fb3429-2fa1-4fb5-b02d-c3ed65a13cb6 -h \"C:\\inetpub\\temp\\apppools\\plesk(default)(2.0)(pool)\\plesk(default)(2.0)(pool).config\" -w \"\" -m 0 -t 30 -ta 0",
"pid": 40192,
"fingerprint": "0060000000000000A4E1A5B1489B316064F083C4CD7BFC83B70EE4684A4D97D1AD1C4E6D648161A3",
"thumbprints":
[
"2D7FFCE2C256016291B67285456AA8DA779D711BBF8E6B85C212A157DDFBE77E"
]
},
{
"path": "C:\\Windows\\System32\\svchost.exe",
"cmd_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
"pid": 3756,
"fingerprint": "B838010000000000C188A1F4419C2DBE836ED831E9CED03A132C435958758D191670A940AD3857C9",
"thumbprints":
[
"5FC581A4B101E94BFA06E6548DAA244B91B0A62B90D559820FD49BACB625B90B",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\services.exe",
"cmd_line": "C:\\WINDOWS\\system32\\services.exe",
"pid": 872,
"fingerprint": "E07F0B000000000058A3CEDA651E313390B8C3194E7AB35C7BA33126DDE9DEB4ACAE51A315BF5AA5",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
},
{
"path": "C:\\Windows\\System32\\wininit.exe",
"cmd_line": "wininit.exe",
"pid": 964,
"fingerprint": "70A90800000000003F15B3F1835C3E8358140CF38E4D712D269C24388660BBF33BFE375EE82B6F5F",
"thumbprints":
[
"9CE005653E7DEA05CA7779EA36DF567B9E3769B716C91229BC553D9A66624FA0",
"AEC8B67481DFCD2B03398CF9C9439E80EF3E75D407FB0753F9E6C548BC3B5EFF"
]
}
],
"fingerprint": "0006220000000000376E1CDAAC0A2616378B4237F5B15673ED009ADB94576321C8A35048F4CFDBA7"
}
{
"type": "inventory_started",
"details": 0,
"datetime": "2024\/11\/18 12:56:42"
}
{
"type": "inventory_finished",
"details": 0,
"datetime": "2024\/11\/18 12:56:42",
"elapsed": 29591,
"volumes": 3,
"total_files": 1704675,
"pe_files": 83570,
"unique_pe_files": 50248,
"signed_pe_files": 258,
"stopped": false
}