Make WordPress Core

Ticket #50818: ESETLog.xml

File ESETLog.xml, 16.1 KB (added by wretana, 4 years ago)

Log from ESET32

Line 
1<?xml version="1.0" encoding="utf-8" ?>
2<ESET>
3  <LOG>
4    <RECORD>
5      <COLUMN NAME="Time">7/30/2020 3:02:15 AM</COLUMN>
6      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
7      <COLUMN NAME="Object type">file</COLUMN>
8      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\despachomunoz.com\wp-content\themes\illdy\functions.php</COLUMN>
9      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
10      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
11      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
12      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
13      <COLUMN NAME="Hash">C808F9C52A5CF09CC13F80CAAB6BE564E0C502B4</COLUMN>
14      <COLUMN NAME="First seen here">7/29/2020 1:41:26 PM</COLUMN>
15    </RECORD>
16    <RECORD>
17      <COLUMN NAME="Time">7/30/2020 3:02:15 AM</COLUMN>
18      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
19      <COLUMN NAME="Object type">file</COLUMN>
20      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\despachomunoz.com\wp-content\themes\onepress\functions.php</COLUMN>
21      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
22      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
23      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
24      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
25      <COLUMN NAME="Hash">E9D3FCDBA1ED4C25B9AFE3DCE099C46340CF1E83</COLUMN>
26      <COLUMN NAME="First seen here">7/29/2020 1:41:27 PM</COLUMN>
27    </RECORD>
28    <RECORD>
29      <COLUMN NAME="Time">7/30/2020 3:02:16 AM</COLUMN>
30      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
31      <COLUMN NAME="Object type">file</COLUMN>
32      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\despachomunoz.com\wp-content\themes\twentyseventeen\functions.php</COLUMN>
33      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
34      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
35      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
36      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
37      <COLUMN NAME="Hash">461150FD0B8A7BE844DCA201C8CD9944D96662ED</COLUMN>
38      <COLUMN NAME="First seen here">7/29/2020 1:41:28 PM</COLUMN>
39    </RECORD>
40    <RECORD>
41      <COLUMN NAME="Time">7/30/2020 3:02:16 AM</COLUMN>
42      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
43      <COLUMN NAME="Object type">file</COLUMN>
44      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\despachomunoz.com\wp-content\themes\twentysixteen\functions.php</COLUMN>
45      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
46      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
47      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
48      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
49      <COLUMN NAME="Hash">502A0428E97926F8A17485D8544771FEB7F8B419</COLUMN>
50      <COLUMN NAME="First seen here">7/29/2020 1:41:28 PM</COLUMN>
51    </RECORD>
52    <RECORD>
53      <COLUMN NAME="Time">7/30/2020 3:02:42 AM</COLUMN>
54      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
55      <COLUMN NAME="Object type">file</COLUMN>
56      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\hotelaltopalomo.com\wp-content\themes\Divi\functions.php</COLUMN>
57      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
58      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
59      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
60      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
61      <COLUMN NAME="Hash">79221994CA75504E300FDC0680BF382EAB70219D</COLUMN>
62      <COLUMN NAME="First seen here">7/29/2020 1:42:06 PM</COLUMN>
63    </RECORD>
64    <RECORD>
65      <COLUMN NAME="Time">7/30/2020 3:02:44 AM</COLUMN>
66      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
67      <COLUMN NAME="Object type">file</COLUMN>
68      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\hotelaltopalomo.com\wp-content\themes\Divi-child\functions.php</COLUMN>
69      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
70      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
71      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
72      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
73      <COLUMN NAME="Hash">5A27D6F390774A8099D75AE417A57CFA17EDC466</COLUMN>
74      <COLUMN NAME="First seen here">7/29/2020 1:42:09 PM</COLUMN>
75    </RECORD>
76    <RECORD>
77      <COLUMN NAME="Time">7/30/2020 3:02:44 AM</COLUMN>
78      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
79      <COLUMN NAME="Object type">file</COLUMN>
80      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\hotelaltopalomo.com\wp-content\themes\twentynineteen\functions.php</COLUMN>
81      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
82      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
83      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
84      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
85      <COLUMN NAME="Hash">AE23BBAEF9ECAC4803B7F6EC5E70DBA140339E92</COLUMN>
86      <COLUMN NAME="First seen here">7/29/2020 1:42:09 PM</COLUMN>
87    </RECORD>
88    <RECORD>
89      <COLUMN NAME="Time">7/30/2020 3:02:45 AM</COLUMN>
90      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
91      <COLUMN NAME="Object type">file</COLUMN>
92      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\hotelaltopalomo.com\wp-content\themes\twentyseventeen\functions.php</COLUMN>
93      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
94      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
95      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
96      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
97      <COLUMN NAME="Hash">41A40956FB8392E7ABE7987C114249C393BC4BCF</COLUMN>
98      <COLUMN NAME="First seen here">7/29/2020 1:42:10 PM</COLUMN>
99    </RECORD>
100    <RECORD>
101      <COLUMN NAME="Time">7/30/2020 3:02:45 AM</COLUMN>
102      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
103      <COLUMN NAME="Object type">file</COLUMN>
104      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\hotelaltopalomo.com\wp-content\themes\twentytwenty\functions.php</COLUMN>
105      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
106      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
107      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
108      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
109      <COLUMN NAME="Hash">525EEC51E1CA9EE97CF76B8EF890DA1FEE59C1FE</COLUMN>
110      <COLUMN NAME="First seen here">7/29/2020 1:42:10 PM</COLUMN>
111    </RECORD>
112    <RECORD>
113      <COLUMN NAME="Time">7/30/2020 3:02:46 AM</COLUMN>
114      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
115      <COLUMN NAME="Object type">file</COLUMN>
116      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\hotelaltopalomo.com\wp-includes\post.php</COLUMN>
117      <COLUMN NAME="Detection">PHP/Agent.NGW trojan</COLUMN>
118      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
119      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
120      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
121      <COLUMN NAME="Hash">DEF4730CA978FE8DEF693EBCA945D186489259DA</COLUMN>
122      <COLUMN NAME="First seen here">7/29/2020 1:42:11 PM</COLUMN>
123    </RECORD>
124    <RECORD>
125      <COLUMN NAME="Time">7/30/2020 3:03:52 AM</COLUMN>
126      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
127      <COLUMN NAME="Object type">file</COLUMN>
128      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\Divi\functions.php</COLUMN>
129      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
130      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
131      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
132      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
133      <COLUMN NAME="Hash">54FE36E4494B0EB771A899E0708B4F05D950AC2D</COLUMN>
134      <COLUMN NAME="First seen here">7/29/2020 1:40:46 PM</COLUMN>
135    </RECORD>
136    <RECORD>
137      <COLUMN NAME="Time">7/30/2020 3:03:56 AM</COLUMN>
138      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
139      <COLUMN NAME="Object type">file</COLUMN>
140      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\enlightenment\functions.php</COLUMN>
141      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
142      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
143      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
144      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
145      <COLUMN NAME="Hash">BCBD87F49B7D277E285B6237C68C83AE78974182</COLUMN>
146      <COLUMN NAME="First seen here">7/29/2020 1:40:49 PM</COLUMN>
147    </RECORD>
148    <RECORD>
149      <COLUMN NAME="Time">7/30/2020 3:03:56 AM</COLUMN>
150      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
151      <COLUMN NAME="Object type">file</COLUMN>
152      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\Divi-child\functions.php</COLUMN>
153      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
154      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
155      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
156      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
157      <COLUMN NAME="Hash">4793045EC6D565AC19432C1460C947FE6381A140</COLUMN>
158      <COLUMN NAME="First seen here">7/29/2020 1:40:49 PM</COLUMN>
159    </RECORD>
160    <RECORD>
161      <COLUMN NAME="Time">7/30/2020 3:03:56 AM</COLUMN>
162      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
163      <COLUMN NAME="Object type">file</COLUMN>
164      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\estore\functions.php</COLUMN>
165      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
166      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
167      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
168      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
169      <COLUMN NAME="Hash">C6780155556AA30E658277C3FDD0D52D7327836B</COLUMN>
170      <COLUMN NAME="First seen here">7/29/2020 1:40:50 PM</COLUMN>
171    </RECORD>
172    <RECORD>
173      <COLUMN NAME="Time">7/30/2020 3:03:57 AM</COLUMN>
174      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
175      <COLUMN NAME="Object type">file</COLUMN>
176      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\storefront\functions.php</COLUMN>
177      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
178      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
179      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
180      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
181      <COLUMN NAME="Hash">2DBD5AED6F5381863DCE1D1349F5E3F57310A69C</COLUMN>
182      <COLUMN NAME="First seen here">7/29/2020 1:40:50 PM</COLUMN>
183    </RECORD>
184    <RECORD>
185      <COLUMN NAME="Time">7/30/2020 3:03:57 AM</COLUMN>
186      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
187      <COLUMN NAME="Object type">file</COLUMN>
188      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\twentynineteen\functions.php</COLUMN>
189      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
190      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
191      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
192      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
193      <COLUMN NAME="Hash">ECA06BE37963EA2A945EA34B99A59A38CB111611</COLUMN>
194      <COLUMN NAME="First seen here">7/29/2020 1:40:51 PM</COLUMN>
195    </RECORD>
196    <RECORD>
197      <COLUMN NAME="Time">7/30/2020 3:03:57 AM</COLUMN>
198      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
199      <COLUMN NAME="Object type">file</COLUMN>
200      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\twentyseventeen\functions.php</COLUMN>
201      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
202      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
203      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
204      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
205      <COLUMN NAME="Hash">5606C20DE3C47762AB2CA87BED55326D865BCE00</COLUMN>
206      <COLUMN NAME="First seen here">7/29/2020 1:40:51 PM</COLUMN>
207    </RECORD>
208    <RECORD>
209      <COLUMN NAME="Time">7/30/2020 3:03:57 AM</COLUMN>
210      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
211      <COLUMN NAME="Object type">file</COLUMN>
212      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\twentysixteen\functions.php</COLUMN>
213      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
214      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
215      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
216      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
217      <COLUMN NAME="Hash">A3F8924BDC6EEAA3A8DE6D4FEBADD7A0C33A5619</COLUMN>
218      <COLUMN NAME="First seen here">7/29/2020 1:40:51 PM</COLUMN>
219    </RECORD>
220    <RECORD>
221      <COLUMN NAME="Time">7/30/2020 3:03:58 AM</COLUMN>
222      <COLUMN NAME="Scanner">Real-time file system protection</COLUMN>
223      <COLUMN NAME="Object type">file</COLUMN>
224      <COLUMN NAME="Object">\Device\HarddiskVolumeShadowCopy49\_sites\ortopedicagarbanzo.com\wp-content\themes\twentytwenty\functions.php</COLUMN>
225      <COLUMN NAME="Detection">PHP/Agent.NJJ trojan</COLUMN>
226      <COLUMN NAME="Action">cleaned by deleting</COLUMN>
227      <COLUMN NAME="User">NT AUTHORITY\SYSTEM</COLUMN>
228      <COLUMN NAME="Information">Event occurred during an attempt to access the file by the application: C:\Windows\System32\wbengine.exe (97D02D3EEA8BA01A30134828E53F9EE94A3EB884).</COLUMN>
229      <COLUMN NAME="Hash">9336064FBA198976E8E6BCFC6F3E34E7212D1619</COLUMN>
230      <COLUMN NAME="First seen here">7/29/2020 1:40:51 PM</COLUMN>
231    </RECORD>
232 </LOG>
233</ESET>