3371	6/20/2019 3:08:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:07:04 PM	6/20/2019 3:07:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3372	6/20/2019 3:09:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:08:04 PM	6/20/2019 3:08:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3373	6/20/2019 3:10:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:09:04 PM	6/20/2019 3:09:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3374	6/20/2019 3:11:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:10:04 PM	6/20/2019 3:10:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3375	6/20/2019 3:12:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:11:04 PM	6/20/2019 3:11:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3376	6/20/2019 3:13:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:12:04 PM	6/20/2019 3:12:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3377	6/20/2019 3:14:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:13:04 PM	6/20/2019 3:13:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3378	6/20/2019 3:15:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:14:04 PM	6/20/2019 3:14:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3379	6/20/2019 3:16:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:15:04 PM	6/20/2019 3:15:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3380	6/20/2019 3:17:04 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:16:04 PM	6/20/2019 3:16:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3381	6/20/2019 3:18:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:17:04 PM	6/20/2019 3:17:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3382	6/20/2019 3:19:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:18:04 PM	6/20/2019 3:18:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3383	6/20/2019 3:20:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:19:04 PM	6/20/2019 3:19:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3384	6/20/2019 3:21:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:20:04 PM	6/20/2019 3:20:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3385	6/20/2019 3:22:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:21:04 PM	6/20/2019 3:21:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3386	6/20/2019 3:23:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:22:04 PM	6/20/2019 3:22:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3387	6/20/2019 3:24:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:23:04 PM	6/20/2019 3:23:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3388	6/20/2019 3:25:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:24:04 PM	6/20/2019 3:24:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3389	6/20/2019 3:25:17 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 3:24:15 PM	6/20/2019 3:24:15 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3390	6/20/2019 3:26:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:25:04 PM	6/20/2019 3:25:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3391	6/20/2019 3:27:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:26:04 PM	6/20/2019 3:26:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3392	6/20/2019 3:28:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:27:04 PM	6/20/2019 3:27:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3393	6/20/2019 3:29:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:28:04 PM	6/20/2019 3:28:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3394	6/20/2019 3:30:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:29:04 PM	6/20/2019 3:29:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3395	6/20/2019 3:31:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:30:04 PM	6/20/2019 3:30:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3396	6/20/2019 3:32:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:31:04 PM	6/20/2019 3:31:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3397	6/20/2019 3:33:04 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:32:04 PM	6/20/2019 3:32:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3398	6/20/2019 3:34:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:33:04 PM	6/20/2019 3:33:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3399	6/20/2019 3:35:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:34:04 PM	6/20/2019 3:34:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3400	6/20/2019 3:36:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:35:04 PM	6/20/2019 3:35:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3401	6/20/2019 3:37:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:36:04 PM	6/20/2019 3:36:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3402	6/20/2019 3:38:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:37:04 PM	6/20/2019 3:37:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3403	6/20/2019 3:39:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:38:04 PM	6/20/2019 3:38:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3404	6/20/2019 3:39:24 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=d3c21cd0c70dc36fdd8a61e4517a226d	File Write	0	6/20/2019 3:38:23 PM	6/20/2019 3:38:23 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	1028	C:\Windows\System32\msiexec.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Program Files (x86)\Manufacturer\Endpoint Agent	0 Bytes	Default	SYSTEM	GLSTR	Alert
3405	6/20/2019 3:40:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:39:04 PM	6/20/2019 3:39:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3406	6/20/2019 3:41:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:40:04 PM	6/20/2019 3:40:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3407	6/20/2019 3:42:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:41:04 PM	6/20/2019 3:41:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3408	6/20/2019 3:42:55 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 3:41:54 PM	6/20/2019 3:41:54 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3409	6/20/2019 3:43:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:42:04 PM	6/20/2019 3:42:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3410	6/20/2019 3:44:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:43:04 PM	6/20/2019 3:43:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3411	6/20/2019 3:45:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:44:04 PM	6/20/2019 3:44:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3412	6/20/2019 3:46:00 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 3:44:57 PM	6/20/2019 3:44:57 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3413	6/20/2019 3:46:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:45:04 PM	6/20/2019 3:45:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3414	6/20/2019 3:47:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:46:04 PM	6/20/2019 3:46:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3415	6/20/2019 3:48:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:47:04 PM	6/20/2019 3:47:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3416	6/20/2019 3:49:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:48:04 PM	6/20/2019 3:48:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3417	6/20/2019 3:49:25 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 3:48:23 PM	6/20/2019 3:48:23 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3418	6/20/2019 3:50:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:49:04 PM	6/20/2019 3:49:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3419	6/20/2019 3:51:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:50:04 PM	6/20/2019 3:50:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3420	6/20/2019 3:52:04 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:51:04 PM	6/20/2019 3:51:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3421	6/20/2019 3:53:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:52:04 PM	6/20/2019 3:52:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3422	6/20/2019 3:54:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:53:04 PM	6/20/2019 3:53:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3423	6/20/2019 3:55:04 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:54:04 PM	6/20/2019 3:54:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3424	6/20/2019 3:56:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:55:04 PM	6/20/2019 3:55:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3425	6/20/2019 3:57:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:56:04 PM	6/20/2019 3:56:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3426	6/20/2019 3:58:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:57:04 PM	6/20/2019 3:57:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3427	6/20/2019 3:59:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:58:04 PM	6/20/2019 3:58:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3428	6/20/2019 4:00:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 3:59:04 PM	6/20/2019 3:59:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3429	6/20/2019 4:00:33 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/20/2019 3:59:29 PM	6/20/2019 3:59:29 PM	LockDown	192.168.2.22	1084	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3430	6/20/2019 4:01:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:00:04 PM	6/20/2019 4:00:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3431	6/20/2019 4:02:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:01:04 PM	6/20/2019 4:01:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3432	6/20/2019 4:03:07 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 4:02:02 PM	6/20/2019 4:02:02 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3433	6/20/2019 4:03:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:02:04 PM	6/20/2019 4:02:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3434	6/20/2019 4:04:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:03:04 PM	6/20/2019 4:03:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3435	6/20/2019 4:05:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:04:04 PM	6/20/2019 4:04:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3436	6/20/2019 4:05:46 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 4:04:43 PM	6/20/2019 4:04:43 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3437	6/20/2019 4:06:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:05:04 PM	6/20/2019 4:05:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3438	6/20/2019 4:07:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:06:04 PM	6/20/2019 4:06:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3439	6/20/2019 4:08:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:07:04 PM	6/20/2019 4:07:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3440	6/20/2019 4:09:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:08:04 PM	6/20/2019 4:08:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3441	6/20/2019 4:10:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:09:04 PM	6/20/2019 4:09:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3442	6/20/2019 4:11:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:10:04 PM	6/20/2019 4:10:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3443	6/20/2019 4:12:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:11:04 PM	6/20/2019 4:11:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3444	6/20/2019 4:13:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:12:04 PM	6/20/2019 4:12:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3445	6/20/2019 4:14:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:13:04 PM	6/20/2019 4:13:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3446	6/20/2019 4:15:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:14:04 PM	6/20/2019 4:14:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3447	6/20/2019 4:16:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:15:04 PM	6/20/2019 4:15:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3448	6/20/2019 4:17:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:16:04 PM	6/20/2019 4:16:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3449	6/20/2019 4:18:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:17:04 PM	6/20/2019 4:17:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3450	6/20/2019 4:19:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:18:04 PM	6/20/2019 4:18:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3451	6/20/2019 4:20:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:19:04 PM	6/20/2019 4:19:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3452	6/20/2019 4:21:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:20:04 PM	6/20/2019 4:20:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3453	6/20/2019 4:22:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:21:04 PM	6/20/2019 4:21:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3454	6/20/2019 4:22:48 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 4:21:43 PM	6/20/2019 4:21:43 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3455	6/20/2019 4:23:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:22:04 PM	6/20/2019 4:22:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3456	6/20/2019 4:24:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:23:04 PM	6/20/2019 4:23:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3457	6/20/2019 4:25:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:24:04 PM	6/20/2019 4:24:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3458	6/20/2019 4:26:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:25:04 PM	6/20/2019 4:25:04 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3459	6/20/2019 4:27:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:26:05 PM	6/20/2019 4:26:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3460	6/20/2019 4:28:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:27:05 PM	6/20/2019 4:27:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3461	6/20/2019 4:29:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:28:05 PM	6/20/2019 4:28:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3462	6/20/2019 4:30:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:29:05 PM	6/20/2019 4:29:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3463	6/20/2019 4:31:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:30:05 PM	6/20/2019 4:30:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3464	6/20/2019 4:32:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:31:05 PM	6/20/2019 4:31:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3465	6/20/2019 4:33:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:32:05 PM	6/20/2019 4:32:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3466	6/20/2019 4:34:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:33:05 PM	6/20/2019 4:33:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3467	6/20/2019 4:35:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:34:05 PM	6/20/2019 4:34:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3468	6/20/2019 4:36:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:35:05 PM	6/20/2019 4:35:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3469	6/20/2019 4:37:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:36:05 PM	6/20/2019 4:36:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3470	6/20/2019 4:38:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:37:05 PM	6/20/2019 4:37:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3471	6/20/2019 4:39:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:38:05 PM	6/20/2019 4:38:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3472	6/20/2019 4:40:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:39:05 PM	6/20/2019 4:39:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3473	6/20/2019 4:41:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:40:05 PM	6/20/2019 4:40:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3474	6/20/2019 4:42:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:41:05 PM	6/20/2019 4:41:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3475	6/20/2019 4:43:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:42:05 PM	6/20/2019 4:42:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3476	6/20/2019 4:44:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:43:05 PM	6/20/2019 4:43:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3477	6/20/2019 4:45:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:44:05 PM	6/20/2019 4:44:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3478	6/20/2019 4:46:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:45:05 PM	6/20/2019 4:45:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3479	6/20/2019 4:47:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:46:05 PM	6/20/2019 4:46:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3480	6/20/2019 4:48:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:47:05 PM	6/20/2019 4:47:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3481	6/20/2019 4:49:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:48:05 PM	6/20/2019 4:48:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3482	6/20/2019 4:50:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:49:05 PM	6/20/2019 4:49:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3483	6/20/2019 4:51:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:50:05 PM	6/20/2019 4:50:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3484	6/20/2019 4:52:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:51:05 PM	6/20/2019 4:51:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3485	6/20/2019 4:53:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:52:05 PM	6/20/2019 4:52:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3486	6/20/2019 4:54:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:53:05 PM	6/20/2019 4:53:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3487	6/20/2019 4:55:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:54:05 PM	6/20/2019 4:54:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3488	6/20/2019 4:56:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:55:05 PM	6/20/2019 4:55:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3489	6/20/2019 4:57:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:56:05 PM	6/20/2019 4:56:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3490	6/20/2019 4:57:22 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 4:56:19 PM	6/20/2019 4:56:19 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3491	6/20/2019 4:58:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:57:05 PM	6/20/2019 4:57:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3492	6/20/2019 4:59:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:58:05 PM	6/20/2019 4:58:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3493	6/20/2019 5:00:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 4:59:05 PM	6/20/2019 4:59:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3494	6/20/2019 5:00:16 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 4:59:13 PM	6/20/2019 4:59:13 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3495	6/20/2019 5:01:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:00:05 PM	6/20/2019 5:00:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3496	6/20/2019 5:02:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:01:05 PM	6/20/2019 5:01:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3497	6/20/2019 5:03:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:02:05 PM	6/20/2019 5:02:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3498	6/20/2019 5:03:57 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 5:02:53 PM	6/20/2019 5:02:53 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3499	6/20/2019 5:04:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:03:05 PM	6/20/2019 5:03:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3500	6/20/2019 5:05:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:04:05 PM	6/20/2019 5:04:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3501	6/20/2019 5:06:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:05:05 PM	6/20/2019 5:05:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3502	6/20/2019 5:06:15 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 5:05:11 PM	6/20/2019 5:05:11 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3503	6/20/2019 5:07:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:06:05 PM	6/20/2019 5:06:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3504	6/20/2019 5:08:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:07:05 PM	6/20/2019 5:07:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3505	6/20/2019 5:08:23 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 5:07:22 PM	6/20/2019 5:07:22 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3506	6/20/2019 5:09:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:08:05 PM	6/20/2019 5:08:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3507	6/20/2019 5:10:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:09:05 PM	6/20/2019 5:09:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3508	6/20/2019 5:11:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:10:05 PM	6/20/2019 5:10:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3509	6/20/2019 5:12:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:11:05 PM	6/20/2019 5:11:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3510	6/20/2019 5:12:14 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 5:11:10 PM	6/20/2019 5:11:10 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3511	6/20/2019 5:13:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:12:05 PM	6/20/2019 5:12:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3512	6/20/2019 5:13:52 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 5:12:47 PM	6/20/2019 5:12:47 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3513	6/20/2019 5:14:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:13:05 PM	6/20/2019 5:13:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3514	6/20/2019 5:15:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:14:05 PM	6/20/2019 5:14:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3515	6/20/2019 5:16:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:15:05 PM	6/20/2019 5:15:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3516	6/20/2019 5:17:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:16:05 PM	6/20/2019 5:16:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3517	6/20/2019 5:18:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:17:05 PM	6/20/2019 5:17:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3518	6/20/2019 5:19:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:18:05 PM	6/20/2019 5:18:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3519	6/20/2019 5:20:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:19:05 PM	6/20/2019 5:19:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3520	6/20/2019 5:21:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:20:05 PM	6/20/2019 5:20:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3521	6/20/2019 5:22:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:21:05 PM	6/20/2019 5:21:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3522	6/20/2019 5:23:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:22:05 PM	6/20/2019 5:22:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3523	6/20/2019 5:24:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:23:05 PM	6/20/2019 5:23:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3524	6/20/2019 5:25:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:24:05 PM	6/20/2019 5:24:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3525	6/20/2019 5:26:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:25:05 PM	6/20/2019 5:25:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3526	6/20/2019 5:27:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:26:05 PM	6/20/2019 5:26:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3527	6/20/2019 5:28:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:27:05 PM	6/20/2019 5:27:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3528	6/20/2019 5:29:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:28:05 PM	6/20/2019 5:28:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3529	6/20/2019 5:30:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:29:05 PM	6/20/2019 5:29:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3530	6/20/2019 5:31:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:30:05 PM	6/20/2019 5:30:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3531	6/20/2019 5:32:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=d3c21cd0c70dc36fdd8a61e4517a226d	File Write	0	6/20/2019 5:31:01 PM	6/20/2019 5:31:01 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	19760	C:\Windows\System32\msiexec.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Program Files (x86)\Manufacturer\Endpoint Agent	0 Bytes	Default	SYSTEM	GLSTR	Alert
3532	6/20/2019 5:32:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:31:05 PM	6/20/2019 5:31:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3533	6/20/2019 5:33:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:32:05 PM	6/20/2019 5:32:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3534	6/20/2019 5:34:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:33:05 PM	6/20/2019 5:33:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3535	6/20/2019 5:35:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:34:05 PM	6/20/2019 5:34:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3536	6/20/2019 5:36:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:35:05 PM	6/20/2019 5:35:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3537	6/20/2019 5:37:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:36:05 PM	6/20/2019 5:36:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3538	6/20/2019 5:38:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:37:05 PM	6/20/2019 5:37:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3539	6/20/2019 5:39:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:38:05 PM	6/20/2019 5:38:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3540	6/20/2019 5:40:02 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/20/2019 5:38:57 PM	6/20/2019 5:38:57 PM	LockDown	192.168.2.22	1084	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3541	6/20/2019 5:40:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:39:05 PM	6/20/2019 5:39:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3542	6/20/2019 5:41:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:40:05 PM	6/20/2019 5:40:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3543	6/20/2019 5:42:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:41:05 PM	6/20/2019 5:41:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3544	6/20/2019 5:43:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:42:05 PM	6/20/2019 5:42:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3545	6/20/2019 5:44:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:43:05 PM	6/20/2019 5:43:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3546	6/20/2019 5:45:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:44:05 PM	6/20/2019 5:44:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3547	6/20/2019 5:46:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:45:05 PM	6/20/2019 5:45:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3548	6/20/2019 5:47:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:46:05 PM	6/20/2019 5:46:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3549	6/20/2019 5:47:33 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 5:46:30 PM	6/20/2019 5:46:30 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3550	6/20/2019 5:48:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:47:05 PM	6/20/2019 5:47:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3551	6/20/2019 5:49:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:48:05 PM	6/20/2019 5:48:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3552	6/20/2019 5:50:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:49:05 PM	6/20/2019 5:49:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3553	6/20/2019 5:51:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:50:05 PM	6/20/2019 5:50:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3554	6/20/2019 5:52:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:51:05 PM	6/20/2019 5:51:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3555	6/20/2019 5:52:26 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 5:51:25 PM	6/20/2019 5:51:25 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3556	6/20/2019 5:53:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:52:05 PM	6/20/2019 5:52:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3557	6/20/2019 5:54:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:53:05 PM	6/20/2019 5:53:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3558	6/20/2019 5:54:34 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/20/2019 5:53:29 PM	6/20/2019 5:53:29 PM	LockDown	192.168.2.22	1084	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3559	6/20/2019 5:55:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:54:05 PM	6/20/2019 5:54:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3560	6/20/2019 5:56:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:55:05 PM	6/20/2019 5:55:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3561	6/20/2019 5:57:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:56:05 PM	6/20/2019 5:56:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3562	6/20/2019 5:58:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:57:05 PM	6/20/2019 5:57:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3563	6/20/2019 5:59:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:58:05 PM	6/20/2019 5:58:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3564	6/20/2019 6:00:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 5:59:05 PM	6/20/2019 5:59:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3565	6/20/2019 6:01:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:00:05 PM	6/20/2019 6:00:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3566	6/20/2019 6:02:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:01:05 PM	6/20/2019 6:01:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3567	6/20/2019 6:03:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:02:05 PM	6/20/2019 6:02:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3568	6/20/2019 6:04:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:03:05 PM	6/20/2019 6:03:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3569	6/20/2019 6:05:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:04:05 PM	6/20/2019 6:04:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3570	6/20/2019 6:06:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:05:05 PM	6/20/2019 6:05:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3571	6/20/2019 6:07:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:06:05 PM	6/20/2019 6:06:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3572	6/20/2019 6:08:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:07:05 PM	6/20/2019 6:07:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3573	6/20/2019 6:09:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:08:05 PM	6/20/2019 6:08:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3574	6/20/2019 6:10:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:09:05 PM	6/20/2019 6:09:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3575	6/20/2019 6:11:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:10:05 PM	6/20/2019 6:10:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3576	6/20/2019 6:12:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:11:05 PM	6/20/2019 6:11:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3577	6/20/2019 6:13:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:12:05 PM	6/20/2019 6:12:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3578	6/20/2019 6:14:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:13:05 PM	6/20/2019 6:13:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3579	6/20/2019 6:14:14 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/20/2019 6:13:11 PM	6/20/2019 6:13:11 PM	LockDown	192.168.2.22	1080	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3580	6/20/2019 6:15:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:14:05 PM	6/20/2019 6:14:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3581	6/20/2019 6:16:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:15:05 PM	6/20/2019 6:15:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3582	6/20/2019 6:17:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:16:05 PM	6/20/2019 6:16:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3583	6/20/2019 6:18:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:17:05 PM	6/20/2019 6:17:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3584	6/20/2019 6:19:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:18:05 PM	6/20/2019 6:18:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3585	6/20/2019 6:20:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:19:05 PM	6/20/2019 6:19:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3586	6/20/2019 6:21:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:20:05 PM	6/20/2019 6:20:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3587	6/20/2019 6:22:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:21:05 PM	6/20/2019 6:21:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3588	6/20/2019 6:23:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:22:05 PM	6/20/2019 6:22:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3589	6/20/2019 6:24:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:23:05 PM	6/20/2019 6:23:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3590	6/20/2019 6:25:06 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:24:05 PM	6/20/2019 6:24:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3591	6/20/2019 6:26:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:25:05 PM	6/20/2019 6:25:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3592	6/20/2019 6:27:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:26:05 PM	6/20/2019 6:26:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3593	6/20/2019 6:28:05 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:27:05 PM	6/20/2019 6:27:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3594	6/20/2019 6:29:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:28:05 PM	6/20/2019 6:28:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3595	6/20/2019 6:30:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:29:05 PM	6/20/2019 6:29:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3596	6/20/2019 6:30:55 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/20/2019 6:29:49 PM	6/20/2019 6:29:50 PM	LockDown	192.168.2.22	1084	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3597	6/20/2019 6:31:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:30:05 PM	6/20/2019 6:30:05 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3598	6/20/2019 6:31:28 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/20/2019 6:31:05 PM	6/20/2019 6:31:25 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	6184	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3599	6/21/2019 8:52:59 AM	Kernel Event	15	Continue	Production	Application and Device Control is ready	System	0	6/21/2019 8:52:44 AM	6/21/2019 8:52:44 AM	Built-in rule	0.0.0.0	0	SysPlant		None	0 Bytes	None	None	GLSTR	Alert
3600	6/21/2019 8:52:59 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:52:57 AM	6/21/2019 8:52:57 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	0.0.0.0	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3601	6/21/2019 8:52:59 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:52:57 AM	6/21/2019 8:52:57 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	0.0.0.0	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3602	6/21/2019 8:54:08 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="NVCPL.DLL,NvStartupRunOnFirstSessionUserAccount"	Create Process	0	6/21/2019 8:53:06 AM	6/21/2019 8:53:06 AM	LockDown	192.168.2.22	3192	C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3603	6/21/2019 8:54:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:53:07 AM	6/21/2019 8:53:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3604	6/21/2019 8:55:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:54:09 AM	6/21/2019 8:54:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3605	6/21/2019 8:56:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:55:09 AM	6/21/2019 8:55:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3606	6/21/2019 8:57:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:56:09 AM	6/21/2019 8:56:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3607	6/21/2019 8:58:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:57:09 AM	6/21/2019 8:57:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3608	6/21/2019 8:59:23 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding"	Create Process	0	6/21/2019 8:58:20 AM	6/21/2019 8:58:20 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3609	6/21/2019 8:59:23 AM	User Event	0	Block	Production	Autorun has been blocked.  Check the Control Log for more details. - Caller MD5=c8fb56b60458b09c1caebd4daf1ac8bb	File Read	0	6/21/2019 8:58:21 AM	6/21/2019 8:58:21 AM	Explorer | [AC9-1.1] Autorun.inf	192.168.2.22	9888	C:\Windows\explorer.exe	USBSTOR\Disk&Ven_iODD&Prod__External_HDD&Rev_\______XX00000001&1	Z:\Autorun.inf	0 Bytes	Default	ali.geyik	GLSTR	Alert
3610	6/21/2019 9:00:47 AM	User Event	0	Block	Production	Autorun has been blocked.  Check the Control Log for more details. - Caller MD5=c8fb56b60458b09c1caebd4daf1ac8bb	File Read	0	6/21/2019 8:59:43 AM	6/21/2019 8:59:43 AM	Explorer | [AC9-1.1] Autorun.inf	192.168.2.22	9888	C:\Windows\explorer.exe	USBSTOR\Disk&Ven_SanDisk&Prod_Ultra_Fit&Rev_1.00\4C530001070223116203&0	E:\Autorun.inf	0 Bytes	Default	ali.geyik	GLSTR	Alert
3611	6/21/2019 9:00:52 AM	User Event	0	Block	Production	Autorun has been blocked.  Check the Control Log for more details. - Caller MD5=c8fb56b60458b09c1caebd4daf1ac8bb	File Read	0	6/21/2019 8:59:49 AM	6/21/2019 8:59:50 AM	Explorer | [AC9-1.1] Autorun.inf	192.168.2.22	9888	C:\Windows\explorer.exe	USBSTOR\Disk&Ven_SanDisk&Prod_Ultra_Fit&Rev_1.00\4C530001180318112425&0	H:\autorun.inf	0 Bytes	Default	ali.geyik	GLSTR	Alert
3612	6/21/2019 9:00:57 AM	User Event	0	Block	Production	Autorun has been blocked.  Check the Control Log for more details. - Caller MD5=c8fb56b60458b09c1caebd4daf1ac8bb	File Read	0	6/21/2019 8:59:48 AM	6/21/2019 8:59:56 AM	Explorer | [AC9-1.1] Autorun.inf	192.168.2.22	9888	C:\Windows\explorer.exe	USBSTOR\Disk&Ven_SanDisk&Prod_Ultra_Fit&Rev_1.00\4C530001180318112425&0	F:\autorun.inf	0 Bytes	Default	ali.geyik	GLSTR	Alert
3613	6/21/2019 9:04:58 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 9:03:50 AM	6/21/2019 9:03:57 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3614	6/21/2019 9:05:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:58:09 AM	6/21/2019 9:04:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3615	6/21/2019 9:06:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:05:09 AM	6/21/2019 9:05:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3616	6/21/2019 9:07:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:06:09 AM	6/21/2019 9:06:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3617	6/21/2019 9:08:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:07:09 AM	6/21/2019 9:07:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3618	6/21/2019 9:09:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:08:09 AM	6/21/2019 9:08:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3619	6/21/2019 9:10:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:09:09 AM	6/21/2019 9:09:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3620	6/21/2019 9:11:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:10:09 AM	6/21/2019 9:10:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3621	6/21/2019 9:12:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:11:09 AM	6/21/2019 9:11:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3622	6/21/2019 9:13:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:12:09 AM	6/21/2019 9:12:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3623	6/21/2019 9:14:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:13:09 AM	6/21/2019 9:13:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3624	6/21/2019 9:15:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:14:09 AM	6/21/2019 9:14:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3625	6/21/2019 9:16:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:15:09 AM	6/21/2019 9:15:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3626	6/21/2019 9:17:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:16:09 AM	6/21/2019 9:16:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3627	6/21/2019 9:18:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:17:09 AM	6/21/2019 9:17:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3628	6/21/2019 9:19:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:18:09 AM	6/21/2019 9:18:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3629	6/21/2019 9:20:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:19:09 AM	6/21/2019 9:19:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3630	6/21/2019 9:20:53 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 9:19:41 AM	6/21/2019 9:19:52 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3631	6/21/2019 9:21:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:20:09 AM	6/21/2019 9:20:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3632	6/21/2019 9:22:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:21:09 AM	6/21/2019 9:21:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3633	6/21/2019 9:23:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:22:09 AM	6/21/2019 9:22:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3634	6/21/2019 9:24:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:23:09 AM	6/21/2019 9:23:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3635	6/21/2019 9:25:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:24:09 AM	6/21/2019 9:24:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3636	6/21/2019 9:26:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:25:09 AM	6/21/2019 9:25:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3637	6/21/2019 9:27:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:26:09 AM	6/21/2019 9:26:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3638	6/21/2019 9:28:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:27:09 AM	6/21/2019 9:27:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3639	6/21/2019 9:29:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:28:09 AM	6/21/2019 9:28:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3640	6/21/2019 9:30:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:29:09 AM	6/21/2019 9:29:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3641	6/21/2019 9:31:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:30:09 AM	6/21/2019 9:30:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3642	6/21/2019 9:32:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:31:09 AM	6/21/2019 9:31:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3643	6/21/2019 9:33:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:32:09 AM	6/21/2019 9:32:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3644	6/21/2019 9:34:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:33:09 AM	6/21/2019 9:33:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3645	6/21/2019 9:35:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:34:09 AM	6/21/2019 9:34:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3646	6/21/2019 9:36:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:35:09 AM	6/21/2019 9:35:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3647	6/21/2019 9:37:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:36:09 AM	6/21/2019 9:36:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3648	6/21/2019 9:38:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:37:09 AM	6/21/2019 9:37:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3649	6/21/2019 9:39:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:38:09 AM	6/21/2019 9:38:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3650	6/21/2019 9:40:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:39:09 AM	6/21/2019 9:39:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3651	6/21/2019 9:41:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:40:09 AM	6/21/2019 9:40:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3652	6/21/2019 9:42:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:41:09 AM	6/21/2019 9:41:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3653	6/21/2019 9:43:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:42:09 AM	6/21/2019 9:42:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3654	6/21/2019 9:44:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:43:09 AM	6/21/2019 9:43:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3655	6/21/2019 9:45:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:44:09 AM	6/21/2019 9:44:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3656	6/21/2019 9:46:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:45:09 AM	6/21/2019 9:45:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3657	6/21/2019 9:47:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:46:09 AM	6/21/2019 9:46:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3658	6/21/2019 9:48:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:47:09 AM	6/21/2019 9:47:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3659	6/21/2019 9:49:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:48:09 AM	6/21/2019 9:48:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3660	6/21/2019 9:50:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:49:09 AM	6/21/2019 9:49:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3661	6/21/2019 9:51:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:50:09 AM	6/21/2019 9:50:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3662	6/21/2019 9:52:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:51:09 AM	6/21/2019 9:51:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3663	6/21/2019 9:52:53 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 9:51:47 AM	6/21/2019 9:51:50 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3664	6/21/2019 9:53:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:52:09 AM	6/21/2019 9:52:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3665	6/21/2019 9:54:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:53:09 AM	6/21/2019 9:53:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3666	6/21/2019 9:55:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:54:09 AM	6/21/2019 9:54:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3667	6/21/2019 9:55:32 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 9:54:17 AM	6/21/2019 9:54:29 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3668	6/21/2019 9:56:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:55:09 AM	6/21/2019 9:55:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3669	6/21/2019 9:57:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:56:09 AM	6/21/2019 9:56:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3670	6/21/2019 9:58:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:57:09 AM	6/21/2019 9:57:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3671	6/21/2019 9:59:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:58:09 AM	6/21/2019 9:58:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3672	6/21/2019 10:00:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:59:09 AM	6/21/2019 9:59:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3673	6/21/2019 10:01:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:00:09 AM	6/21/2019 10:00:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3674	6/21/2019 10:02:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:01:09 AM	6/21/2019 10:01:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3675	6/21/2019 10:03:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:02:09 AM	6/21/2019 10:02:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3676	6/21/2019 10:03:55 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:01:46 AM	6/21/2019 10:02:50 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3677	6/21/2019 10:04:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:03:09 AM	6/21/2019 10:03:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3678	6/21/2019 10:05:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:04:09 AM	6/21/2019 10:04:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3679	6/21/2019 10:06:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:05:09 AM	6/21/2019 10:05:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3680	6/21/2019 10:07:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:06:09 AM	6/21/2019 10:06:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3681	6/21/2019 10:07:31 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:04:48 AM	6/21/2019 10:06:30 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3682	6/21/2019 10:08:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:07:09 AM	6/21/2019 10:07:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3683	6/21/2019 10:09:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:08:09 AM	6/21/2019 10:08:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3684	6/21/2019 10:10:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:09:09 AM	6/21/2019 10:09:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3685	6/21/2019 10:11:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:10:09 AM	6/21/2019 10:10:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3686	6/21/2019 10:11:16 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:09:26 AM	6/21/2019 10:10:16 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3687	6/21/2019 10:12:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:11:09 AM	6/21/2019 10:11:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3688	6/21/2019 10:13:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:12:09 AM	6/21/2019 10:12:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3689	6/21/2019 10:14:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:13:09 AM	6/21/2019 10:13:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3690	6/21/2019 10:14:42 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:13:28 AM	6/21/2019 10:13:38 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3691	6/21/2019 10:15:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:14:09 AM	6/21/2019 10:14:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3692	6/21/2019 10:15:43 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments=""C:\Windows\Installer\MSI15EA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4921265 143 RaiDrive.CA.CBFS!RaiDrive.Installer.PackageHandler.FirstTimeInstall"	Create Process	0	6/21/2019 10:14:42 AM	6/21/2019 10:14:42 AM	LockDown	192.168.2.22	15492	C:\Windows\System32\msiexec.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3693	6/21/2019 10:16:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:15:09 AM	6/21/2019 10:15:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3694	6/21/2019 10:17:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:16:09 AM	6/21/2019 10:16:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3695	6/21/2019 10:18:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:17:09 AM	6/21/2019 10:17:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3696	6/21/2019 10:19:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:18:09 AM	6/21/2019 10:18:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3697	6/21/2019 10:20:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:19:09 AM	6/21/2019 10:19:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3698	6/21/2019 10:21:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:20:09 AM	6/21/2019 10:20:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3699	6/21/2019 10:22:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:21:09 AM	6/21/2019 10:21:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3700	6/21/2019 10:23:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:22:09 AM	6/21/2019 10:22:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3701	6/21/2019 10:23:41 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:15:59 AM	6/21/2019 10:22:40 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3702	6/21/2019 10:24:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:23:09 AM	6/21/2019 10:23:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3703	6/21/2019 10:25:08 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:24:05 AM	6/21/2019 10:24:07 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3704	6/21/2019 10:25:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:24:09 AM	6/21/2019 10:24:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3705	6/21/2019 10:26:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:25:09 AM	6/21/2019 10:25:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3706	6/21/2019 10:27:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:26:09 AM	6/21/2019 10:26:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3707	6/21/2019 10:28:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:27:09 AM	6/21/2019 10:27:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3708	6/21/2019 10:29:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:28:09 AM	6/21/2019 10:28:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3709	6/21/2019 10:30:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:29:09 AM	6/21/2019 10:29:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3710	6/21/2019 10:31:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:30:09 AM	6/21/2019 10:30:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3711	6/21/2019 10:32:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:31:09 AM	6/21/2019 10:31:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3712	6/21/2019 10:33:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:32:09 AM	6/21/2019 10:32:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3713	6/21/2019 10:34:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:33:09 AM	6/21/2019 10:33:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3714	6/21/2019 10:34:43 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:33:28 AM	6/21/2019 10:33:42 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3715	6/21/2019 10:35:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:34:09 AM	6/21/2019 10:34:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3716	6/21/2019 10:36:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:35:09 AM	6/21/2019 10:35:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3717	6/21/2019 10:37:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:36:09 AM	6/21/2019 10:36:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3718	6/21/2019 10:38:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:37:09 AM	6/21/2019 10:37:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3719	6/21/2019 10:39:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:38:09 AM	6/21/2019 10:38:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3720	6/21/2019 10:40:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:39:09 AM	6/21/2019 10:39:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3721	6/21/2019 10:41:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:40:09 AM	6/21/2019 10:40:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3722	6/21/2019 10:42:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:41:09 AM	6/21/2019 10:41:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3723	6/21/2019 10:43:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:42:09 AM	6/21/2019 10:42:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3724	6/21/2019 10:44:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:43:09 AM	6/21/2019 10:43:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3725	6/21/2019 10:45:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:44:09 AM	6/21/2019 10:44:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3726	6/21/2019 10:46:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:45:09 AM	6/21/2019 10:45:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3727	6/21/2019 10:47:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:46:09 AM	6/21/2019 10:46:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3728	6/21/2019 10:48:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:47:09 AM	6/21/2019 10:47:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3729	6/21/2019 10:49:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:48:09 AM	6/21/2019 10:48:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3730	6/21/2019 10:50:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:49:09 AM	6/21/2019 10:49:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3731	6/21/2019 10:51:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:50:09 AM	6/21/2019 10:50:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3732	6/21/2019 10:52:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:51:09 AM	6/21/2019 10:51:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3733	6/21/2019 10:53:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:52:09 AM	6/21/2019 10:52:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3734	6/21/2019 10:54:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:53:09 AM	6/21/2019 10:53:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3735	6/21/2019 10:55:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:54:09 AM	6/21/2019 10:54:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3736	6/21/2019 10:56:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:55:09 AM	6/21/2019 10:55:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3737	6/21/2019 10:57:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:56:09 AM	6/21/2019 10:56:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3738	6/21/2019 10:58:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:57:09 AM	6/21/2019 10:57:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3739	6/21/2019 10:59:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:58:09 AM	6/21/2019 10:58:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3740	6/21/2019 11:00:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:59:09 AM	6/21/2019 10:59:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3741	6/21/2019 11:01:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:00:09 AM	6/21/2019 11:00:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3742	6/21/2019 11:01:23 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:00:22 AM	6/21/2019 11:00:22 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3743	6/21/2019 11:02:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:01:09 AM	6/21/2019 11:01:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3744	6/21/2019 11:03:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:02:09 AM	6/21/2019 11:02:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3745	6/21/2019 11:04:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:03:09 AM	6/21/2019 11:03:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3746	6/21/2019 11:05:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:04:09 AM	6/21/2019 11:04:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3747	6/21/2019 11:06:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:05:09 AM	6/21/2019 11:05:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3748	6/21/2019 11:07:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:06:09 AM	6/21/2019 11:06:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3749	6/21/2019 11:08:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:07:09 AM	6/21/2019 11:07:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3750	6/21/2019 11:09:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:08:09 AM	6/21/2019 11:08:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3751	6/21/2019 11:10:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:09:09 AM	6/21/2019 11:09:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3752	6/21/2019 11:11:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:10:09 AM	6/21/2019 11:10:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3753	6/21/2019 11:12:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:11:09 AM	6/21/2019 11:11:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3754	6/21/2019 11:13:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:12:09 AM	6/21/2019 11:12:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3755	6/21/2019 11:14:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:13:09 AM	6/21/2019 11:13:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3756	6/21/2019 11:15:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:14:09 AM	6/21/2019 11:14:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3757	6/21/2019 11:16:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:15:09 AM	6/21/2019 11:15:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3758	6/21/2019 11:17:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:16:09 AM	6/21/2019 11:16:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3759	6/21/2019 11:18:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:17:09 AM	6/21/2019 11:17:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3760	6/21/2019 11:19:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:18:09 AM	6/21/2019 11:18:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3761	6/21/2019 11:20:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:19:09 AM	6/21/2019 11:19:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3762	6/21/2019 11:21:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:20:09 AM	6/21/2019 11:20:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3763	6/21/2019 11:22:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:21:09 AM	6/21/2019 11:21:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3764	6/21/2019 11:23:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:22:09 AM	6/21/2019 11:22:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3765	6/21/2019 11:24:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:23:09 AM	6/21/2019 11:23:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3766	6/21/2019 11:25:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:24:09 AM	6/21/2019 11:24:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3767	6/21/2019 11:26:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:25:09 AM	6/21/2019 11:25:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3768	6/21/2019 11:27:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:26:09 AM	6/21/2019 11:26:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3769	6/21/2019 11:28:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:27:09 AM	6/21/2019 11:27:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3770	6/21/2019 11:29:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:28:09 AM	6/21/2019 11:28:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3771	6/21/2019 11:30:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:29:09 AM	6/21/2019 11:29:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3772	6/21/2019 11:31:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:30:09 AM	6/21/2019 11:30:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3773	6/21/2019 11:31:49 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:30:19 AM	6/21/2019 11:30:49 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3774	6/21/2019 11:32:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:31:09 AM	6/21/2019 11:31:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3775	6/21/2019 11:33:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:32:09 AM	6/21/2019 11:32:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3776	6/21/2019 11:34:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:33:09 AM	6/21/2019 11:33:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3777	6/21/2019 11:35:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:34:09 AM	6/21/2019 11:34:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3778	6/21/2019 11:35:25 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:33:34 AM	6/21/2019 11:34:24 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3779	6/21/2019 11:36:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:35:09 AM	6/21/2019 11:35:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3780	6/21/2019 11:37:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:36:09 AM	6/21/2019 11:36:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3781	6/21/2019 11:38:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:37:09 AM	6/21/2019 11:37:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3782	6/21/2019 11:39:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:38:09 AM	6/21/2019 11:38:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3783	6/21/2019 11:39:16 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:35:33 AM	6/21/2019 11:38:12 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3784	6/21/2019 11:40:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:39:09 AM	6/21/2019 11:39:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3785	6/21/2019 11:41:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:40:09 AM	6/21/2019 11:40:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3786	6/21/2019 11:42:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:41:09 AM	6/21/2019 11:41:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3787	6/21/2019 11:42:15 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:41:11 AM	6/21/2019 11:41:11 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3788	6/21/2019 11:43:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:42:09 AM	6/21/2019 11:42:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3789	6/21/2019 11:44:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:43:09 AM	6/21/2019 11:43:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3790	6/21/2019 11:45:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:44:09 AM	6/21/2019 11:44:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3791	6/21/2019 11:45:35 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:44:15 AM	6/21/2019 11:44:30 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3792	6/21/2019 11:46:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:45:09 AM	6/21/2019 11:45:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3793	6/21/2019 11:47:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:46:09 AM	6/21/2019 11:46:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3794	6/21/2019 11:48:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:47:09 AM	6/21/2019 11:47:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3795	6/21/2019 11:48:19 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:45:54 AM	6/21/2019 11:47:15 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3796	6/21/2019 11:49:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:48:09 AM	6/21/2019 11:48:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3797	6/21/2019 11:50:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:49:09 AM	6/21/2019 11:49:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3798	6/21/2019 11:51:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:50:09 AM	6/21/2019 11:50:09 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3799	6/21/2019 11:52:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:51:10 AM	6/21/2019 11:51:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3800	6/21/2019 11:53:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:52:10 AM	6/21/2019 11:52:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3801	6/21/2019 11:54:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:53:10 AM	6/21/2019 11:53:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3802	6/21/2019 11:54:34 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:53:13 AM	6/21/2019 11:53:33 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3803	6/21/2019 11:55:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:54:10 AM	6/21/2019 11:54:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3804	6/21/2019 11:56:06 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:55:05 AM	6/21/2019 11:55:06 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3805	6/21/2019 11:56:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:55:10 AM	6/21/2019 11:55:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3806	6/21/2019 11:57:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:56:10 AM	6/21/2019 11:56:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3807	6/21/2019 11:58:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:57:10 AM	6/21/2019 11:57:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3808	6/21/2019 11:59:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:58:10 AM	6/21/2019 11:58:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3809	6/21/2019 12:00:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:59:10 AM	6/21/2019 11:59:10 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3810	6/21/2019 12:01:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:00:10 PM	6/21/2019 12:00:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3811	6/21/2019 12:02:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:01:10 PM	6/21/2019 12:01:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3812	6/21/2019 12:03:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:02:10 PM	6/21/2019 12:02:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3813	6/21/2019 12:05:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:03:10 PM	6/21/2019 12:04:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3814	6/21/2019 12:06:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:05:10 PM	6/21/2019 12:05:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3815	6/21/2019 12:07:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:06:10 PM	6/21/2019 12:06:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3816	6/21/2019 12:08:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:07:10 PM	6/21/2019 12:07:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3817	6/21/2019 12:09:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:08:10 PM	6/21/2019 12:08:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3818	6/21/2019 12:10:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:09:10 PM	6/21/2019 12:09:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3819	6/21/2019 12:16:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:10:10 PM	6/21/2019 12:15:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3820	6/21/2019 12:17:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:16:10 PM	6/21/2019 12:16:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3821	6/21/2019 12:18:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:17:10 PM	6/21/2019 12:17:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3822	6/21/2019 12:19:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:18:10 PM	6/21/2019 12:18:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3823	6/21/2019 12:20:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:19:10 PM	6/21/2019 12:19:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3824	6/21/2019 12:21:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:20:10 PM	6/21/2019 12:20:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3825	6/21/2019 12:22:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:21:10 PM	6/21/2019 12:21:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3826	6/21/2019 12:23:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:22:10 PM	6/21/2019 12:22:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3827	6/21/2019 12:24:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:23:10 PM	6/21/2019 12:23:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3828	6/21/2019 12:25:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:24:10 PM	6/21/2019 12:24:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3829	6/21/2019 12:26:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:25:10 PM	6/21/2019 12:25:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3830	6/21/2019 12:27:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:26:10 PM	6/21/2019 12:26:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3831	6/21/2019 12:28:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:27:10 PM	6/21/2019 12:27:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3832	6/21/2019 12:29:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:28:10 PM	6/21/2019 12:28:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3833	6/21/2019 12:30:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:29:10 PM	6/21/2019 12:29:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3834	6/21/2019 12:31:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:30:10 PM	6/21/2019 12:30:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3835	6/21/2019 12:32:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:31:10 PM	6/21/2019 12:31:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3836	6/21/2019 12:33:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:32:10 PM	6/21/2019 12:32:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3837	6/21/2019 12:34:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:33:10 PM	6/21/2019 12:33:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3838	6/21/2019 12:35:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:34:10 PM	6/21/2019 12:34:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3839	6/21/2019 12:36:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:35:10 PM	6/21/2019 12:35:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3840	6/21/2019 12:37:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:36:10 PM	6/21/2019 12:36:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3841	6/21/2019 12:38:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:37:10 PM	6/21/2019 12:37:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3842	6/21/2019 12:39:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:38:10 PM	6/21/2019 12:38:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3843	6/21/2019 12:40:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:39:10 PM	6/21/2019 12:39:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3844	6/21/2019 12:41:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:40:10 PM	6/21/2019 12:40:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3845	6/21/2019 12:42:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:41:10 PM	6/21/2019 12:41:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3846	6/21/2019 12:43:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:42:10 PM	6/21/2019 12:42:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3847	6/21/2019 12:44:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:43:10 PM	6/21/2019 12:43:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3848	6/21/2019 12:45:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:44:10 PM	6/21/2019 12:44:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3849	6/21/2019 12:46:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:45:10 PM	6/21/2019 12:45:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3850	6/21/2019 12:47:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:46:10 PM	6/21/2019 12:46:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3851	6/21/2019 12:48:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:47:10 PM	6/21/2019 12:47:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3852	6/21/2019 12:49:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:48:10 PM	6/21/2019 12:48:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3853	6/21/2019 12:50:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:49:10 PM	6/21/2019 12:49:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3854	6/21/2019 12:51:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:50:10 PM	6/21/2019 12:50:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3855	6/21/2019 12:52:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:51:10 PM	6/21/2019 12:51:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3856	6/21/2019 12:53:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:52:10 PM	6/21/2019 12:52:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3857	6/21/2019 12:54:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:53:10 PM	6/21/2019 12:53:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3858	6/21/2019 12:55:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:54:10 PM	6/21/2019 12:54:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3859	6/21/2019 12:56:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:55:10 PM	6/21/2019 12:55:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3860	6/21/2019 12:57:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:56:10 PM	6/21/2019 12:56:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3861	6/21/2019 12:58:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:57:10 PM	6/21/2019 12:57:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3862	6/21/2019 12:59:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:58:10 PM	6/21/2019 12:58:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3863	6/21/2019 1:00:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 12:59:10 PM	6/21/2019 12:59:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3864	6/21/2019 1:01:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:00:10 PM	6/21/2019 1:00:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3865	6/21/2019 1:02:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:01:10 PM	6/21/2019 1:01:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3866	6/21/2019 1:03:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:02:10 PM	6/21/2019 1:02:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3867	6/21/2019 1:04:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:03:10 PM	6/21/2019 1:03:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3868	6/21/2019 1:05:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:04:10 PM	6/21/2019 1:04:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3869	6/21/2019 1:06:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:05:10 PM	6/21/2019 1:05:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3870	6/21/2019 1:07:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:06:10 PM	6/21/2019 1:06:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3871	6/21/2019 1:08:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:07:10 PM	6/21/2019 1:07:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3872	6/21/2019 1:09:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:08:10 PM	6/21/2019 1:08:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3873	6/21/2019 1:10:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:09:10 PM	6/21/2019 1:09:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3874	6/21/2019 1:11:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:10:10 PM	6/21/2019 1:10:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3875	6/21/2019 1:12:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:11:10 PM	6/21/2019 1:11:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3876	6/21/2019 1:13:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:12:10 PM	6/21/2019 1:12:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3877	6/21/2019 1:14:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:13:10 PM	6/21/2019 1:13:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3878	6/21/2019 1:15:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:14:10 PM	6/21/2019 1:14:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3879	6/21/2019 1:16:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:15:10 PM	6/21/2019 1:15:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3880	6/21/2019 1:17:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:16:10 PM	6/21/2019 1:16:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3881	6/21/2019 1:18:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:17:10 PM	6/21/2019 1:17:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3882	6/21/2019 1:19:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:18:10 PM	6/21/2019 1:18:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3883	6/21/2019 1:20:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:19:10 PM	6/21/2019 1:19:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3884	6/21/2019 1:21:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:20:10 PM	6/21/2019 1:20:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3885	6/21/2019 1:22:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:21:10 PM	6/21/2019 1:21:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3886	6/21/2019 1:23:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:22:10 PM	6/21/2019 1:22:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3887	6/21/2019 1:24:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:23:10 PM	6/21/2019 1:23:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3888	6/21/2019 1:25:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:24:10 PM	6/21/2019 1:24:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3889	6/21/2019 1:26:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:25:10 PM	6/21/2019 1:25:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3890	6/21/2019 1:27:06 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 1:26:05 PM	6/21/2019 1:26:06 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3891	6/21/2019 1:27:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:26:10 PM	6/21/2019 1:26:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3892	6/21/2019 1:28:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:27:10 PM	6/21/2019 1:27:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3893	6/21/2019 1:29:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:28:10 PM	6/21/2019 1:28:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3894	6/21/2019 1:30:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:29:10 PM	6/21/2019 1:29:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3895	6/21/2019 1:31:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:30:10 PM	6/21/2019 1:30:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3896	6/21/2019 1:32:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:31:10 PM	6/21/2019 1:31:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3897	6/21/2019 1:33:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:32:10 PM	6/21/2019 1:32:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3898	6/21/2019 1:34:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:33:10 PM	6/21/2019 1:33:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3899	6/21/2019 1:35:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:34:10 PM	6/21/2019 1:34:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3900	6/21/2019 1:36:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:35:10 PM	6/21/2019 1:35:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3901	6/21/2019 1:37:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:36:10 PM	6/21/2019 1:36:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3902	6/21/2019 1:38:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:37:10 PM	6/21/2019 1:37:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3903	6/21/2019 1:39:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:38:10 PM	6/21/2019 1:38:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3904	6/21/2019 1:40:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:39:10 PM	6/21/2019 1:39:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3905	6/21/2019 1:41:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:40:10 PM	6/21/2019 1:40:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3906	6/21/2019 1:42:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:41:10 PM	6/21/2019 1:41:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3907	6/21/2019 1:43:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:42:10 PM	6/21/2019 1:42:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3908	6/21/2019 1:44:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:43:10 PM	6/21/2019 1:43:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3909	6/21/2019 1:45:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:44:10 PM	6/21/2019 1:44:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3910	6/21/2019 1:46:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:45:10 PM	6/21/2019 1:45:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3911	6/21/2019 1:47:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:46:10 PM	6/21/2019 1:46:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3912	6/21/2019 1:48:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:47:10 PM	6/21/2019 1:47:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3913	6/21/2019 1:49:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:48:10 PM	6/21/2019 1:48:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3914	6/21/2019 1:50:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:49:10 PM	6/21/2019 1:49:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3915	6/21/2019 1:51:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:50:10 PM	6/21/2019 1:50:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3916	6/21/2019 1:52:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:51:10 PM	6/21/2019 1:51:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3917	6/21/2019 1:53:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:52:10 PM	6/21/2019 1:52:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3918	6/21/2019 1:54:07 PM	User Event	0	Block	Production	Autorun has been blocked.  Check the Control Log for more details. - Caller MD5=c8fb56b60458b09c1caebd4daf1ac8bb	File Read	0	6/21/2019 1:53:05 PM	6/21/2019 1:53:05 PM	Explorer | [AC9-1.1] Autorun.inf	192.168.2.22	3004	C:\Windows\explorer.exe	USBSTOR\Disk&Ven_iODD&Prod__External_HDD&Rev_\______XX00000001&1	Z:\Autorun.inf	0 Bytes	Default	ali.geyik	GLSTR	Alert
3919	6/21/2019 1:54:12 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 1:53:06 PM	6/21/2019 1:53:11 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3920	6/21/2019 1:54:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:53:10 PM	6/21/2019 1:53:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3921	6/21/2019 1:55:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:54:10 PM	6/21/2019 1:54:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3922	6/21/2019 1:56:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:55:10 PM	6/21/2019 1:55:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3923	6/21/2019 1:57:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:56:10 PM	6/21/2019 1:56:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3924	6/21/2019 1:58:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:57:10 PM	6/21/2019 1:57:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3925	6/21/2019 1:59:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:58:10 PM	6/21/2019 1:58:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3926	6/21/2019 2:00:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 1:59:10 PM	6/21/2019 1:59:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3927	6/21/2019 2:01:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:00:10 PM	6/21/2019 2:00:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3928	6/21/2019 2:02:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:01:10 PM	6/21/2019 2:01:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3929	6/21/2019 2:03:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:02:10 PM	6/21/2019 2:02:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3930	6/21/2019 2:04:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:03:10 PM	6/21/2019 2:03:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3931	6/21/2019 2:05:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:04:10 PM	6/21/2019 2:04:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3932	6/21/2019 2:06:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:05:10 PM	6/21/2019 2:05:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3933	6/21/2019 2:07:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:06:10 PM	6/21/2019 2:06:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3934	6/21/2019 2:08:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:07:10 PM	6/21/2019 2:07:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3935	6/21/2019 2:09:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:08:10 PM	6/21/2019 2:08:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3936	6/21/2019 2:10:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:09:10 PM	6/21/2019 2:09:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3937	6/21/2019 2:11:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:10:10 PM	6/21/2019 2:10:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3938	6/21/2019 2:12:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:11:10 PM	6/21/2019 2:11:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3939	6/21/2019 2:13:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:12:10 PM	6/21/2019 2:12:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3940	6/21/2019 2:14:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:13:10 PM	6/21/2019 2:13:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3941	6/21/2019 2:15:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:14:10 PM	6/21/2019 2:14:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3942	6/21/2019 2:16:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:15:10 PM	6/21/2019 2:15:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3943	6/21/2019 2:17:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:16:10 PM	6/21/2019 2:16:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3944	6/21/2019 2:18:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:17:10 PM	6/21/2019 2:17:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3945	6/21/2019 2:19:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:18:10 PM	6/21/2019 2:18:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3946	6/21/2019 2:20:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:19:10 PM	6/21/2019 2:19:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3947	6/21/2019 2:21:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:20:10 PM	6/21/2019 2:20:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3948	6/21/2019 2:22:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:21:10 PM	6/21/2019 2:21:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3949	6/21/2019 2:23:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:22:10 PM	6/21/2019 2:22:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3950	6/21/2019 2:24:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:23:10 PM	6/21/2019 2:23:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3951	6/21/2019 2:25:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:24:10 PM	6/21/2019 2:24:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3952	6/21/2019 2:26:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:25:10 PM	6/21/2019 2:25:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3953	6/21/2019 2:27:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:26:10 PM	6/21/2019 2:26:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3954	6/21/2019 2:28:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:27:10 PM	6/21/2019 2:27:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3955	6/21/2019 2:29:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:28:10 PM	6/21/2019 2:28:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3956	6/21/2019 2:30:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:29:10 PM	6/21/2019 2:29:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3957	6/21/2019 2:31:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:30:10 PM	6/21/2019 2:30:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3958	6/21/2019 2:32:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:31:10 PM	6/21/2019 2:31:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3959	6/21/2019 2:33:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:32:10 PM	6/21/2019 2:32:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3960	6/21/2019 2:34:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:33:10 PM	6/21/2019 2:33:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3961	6/21/2019 2:35:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:34:10 PM	6/21/2019 2:34:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3962	6/21/2019 2:36:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:35:10 PM	6/21/2019 2:35:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3963	6/21/2019 2:37:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:36:10 PM	6/21/2019 2:36:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3964	6/21/2019 2:38:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:37:10 PM	6/21/2019 2:37:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3965	6/21/2019 2:39:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:38:10 PM	6/21/2019 2:38:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3966	6/21/2019 2:40:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:39:10 PM	6/21/2019 2:39:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3967	6/21/2019 2:41:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:40:10 PM	6/21/2019 2:40:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3968	6/21/2019 2:42:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:41:10 PM	6/21/2019 2:41:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3969	6/21/2019 2:43:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:42:10 PM	6/21/2019 2:42:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3970	6/21/2019 2:44:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:43:10 PM	6/21/2019 2:43:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3971	6/21/2019 2:45:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:44:10 PM	6/21/2019 2:44:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3972	6/21/2019 2:46:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:45:10 PM	6/21/2019 2:45:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3973	6/21/2019 2:47:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:46:10 PM	6/21/2019 2:46:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3974	6/21/2019 2:48:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:47:10 PM	6/21/2019 2:47:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3975	6/21/2019 2:49:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:48:10 PM	6/21/2019 2:48:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3976	6/21/2019 2:50:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:49:10 PM	6/21/2019 2:49:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3977	6/21/2019 2:51:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:50:10 PM	6/21/2019 2:50:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3978	6/21/2019 2:52:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:51:10 PM	6/21/2019 2:51:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3979	6/21/2019 2:53:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:52:10 PM	6/21/2019 2:52:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3980	6/21/2019 2:54:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:53:10 PM	6/21/2019 2:53:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3981	6/21/2019 2:55:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:54:10 PM	6/21/2019 2:54:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3982	6/21/2019 2:56:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:55:10 PM	6/21/2019 2:55:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3983	6/21/2019 2:57:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:56:10 PM	6/21/2019 2:56:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3984	6/21/2019 2:58:09 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 2:57:05 PM	6/21/2019 2:57:06 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
3985	6/21/2019 2:58:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:57:10 PM	6/21/2019 2:57:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3986	6/21/2019 2:59:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:58:10 PM	6/21/2019 2:58:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3987	6/21/2019 3:00:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 2:59:10 PM	6/21/2019 2:59:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3988	6/21/2019 3:01:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:00:10 PM	6/21/2019 3:00:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3989	6/21/2019 3:02:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:01:10 PM	6/21/2019 3:01:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3990	6/21/2019 3:03:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:02:10 PM	6/21/2019 3:02:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3991	6/21/2019 3:04:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:03:10 PM	6/21/2019 3:03:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3992	6/21/2019 3:05:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:04:10 PM	6/21/2019 3:04:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3993	6/21/2019 3:06:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:05:10 PM	6/21/2019 3:05:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3994	6/21/2019 3:07:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:06:10 PM	6/21/2019 3:06:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3995	6/21/2019 3:08:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:07:10 PM	6/21/2019 3:07:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3996	6/21/2019 3:09:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:08:10 PM	6/21/2019 3:08:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3997	6/21/2019 3:10:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:09:10 PM	6/21/2019 3:09:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3998	6/21/2019 3:11:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:10:10 PM	6/21/2019 3:10:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
3999	6/21/2019 3:12:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:11:10 PM	6/21/2019 3:11:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4000	6/21/2019 3:13:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:12:10 PM	6/21/2019 3:12:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4001	6/21/2019 3:14:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:13:10 PM	6/21/2019 3:13:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4002	6/21/2019 3:15:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:14:10 PM	6/21/2019 3:14:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4003	6/21/2019 3:16:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:15:10 PM	6/21/2019 3:15:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4004	6/21/2019 3:17:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:16:10 PM	6/21/2019 3:16:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4005	6/21/2019 3:18:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:17:10 PM	6/21/2019 3:17:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4006	6/21/2019 3:19:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:18:10 PM	6/21/2019 3:18:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4007	6/21/2019 3:20:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:19:10 PM	6/21/2019 3:19:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4008	6/21/2019 3:21:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:20:10 PM	6/21/2019 3:20:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4009	6/21/2019 3:22:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:21:10 PM	6/21/2019 3:21:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4010	6/21/2019 3:23:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:22:10 PM	6/21/2019 3:22:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4011	6/21/2019 3:24:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:23:10 PM	6/21/2019 3:23:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4012	6/21/2019 3:25:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:24:10 PM	6/21/2019 3:24:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4013	6/21/2019 3:26:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:25:10 PM	6/21/2019 3:25:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4014	6/21/2019 3:27:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:26:10 PM	6/21/2019 3:26:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4015	6/21/2019 3:28:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:27:10 PM	6/21/2019 3:27:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4016	6/21/2019 3:29:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:28:10 PM	6/21/2019 3:28:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4017	6/21/2019 3:30:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:29:10 PM	6/21/2019 3:29:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4018	6/21/2019 3:31:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:30:10 PM	6/21/2019 3:30:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4019	6/21/2019 3:32:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:31:10 PM	6/21/2019 3:31:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4020	6/21/2019 3:33:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:32:10 PM	6/21/2019 3:32:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4021	6/21/2019 3:34:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:33:10 PM	6/21/2019 3:33:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4022	6/21/2019 3:35:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:34:10 PM	6/21/2019 3:34:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4023	6/21/2019 3:36:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:35:10 PM	6/21/2019 3:35:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4024	6/21/2019 3:37:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:36:10 PM	6/21/2019 3:36:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4025	6/21/2019 3:38:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:37:10 PM	6/21/2019 3:37:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4026	6/21/2019 3:39:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:38:10 PM	6/21/2019 3:38:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4027	6/21/2019 3:40:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:39:10 PM	6/21/2019 3:39:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4028	6/21/2019 3:41:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:40:10 PM	6/21/2019 3:40:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4029	6/21/2019 3:42:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:41:10 PM	6/21/2019 3:41:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4030	6/21/2019 3:43:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:42:10 PM	6/21/2019 3:42:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4031	6/21/2019 3:44:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:43:10 PM	6/21/2019 3:43:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4032	6/21/2019 3:45:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:44:10 PM	6/21/2019 3:44:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4033	6/21/2019 3:46:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:45:10 PM	6/21/2019 3:45:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4034	6/21/2019 3:47:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:46:10 PM	6/21/2019 3:46:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4035	6/21/2019 3:48:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:47:10 PM	6/21/2019 3:47:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4036	6/21/2019 3:49:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:48:10 PM	6/21/2019 3:48:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4037	6/21/2019 3:50:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:49:10 PM	6/21/2019 3:49:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4038	6/21/2019 3:51:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:50:10 PM	6/21/2019 3:50:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4039	6/21/2019 3:52:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:51:10 PM	6/21/2019 3:51:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4040	6/21/2019 3:53:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:52:10 PM	6/21/2019 3:52:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4041	6/21/2019 3:54:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:53:10 PM	6/21/2019 3:53:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4042	6/21/2019 3:55:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:54:10 PM	6/21/2019 3:54:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4043	6/21/2019 3:56:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:55:10 PM	6/21/2019 3:55:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4044	6/21/2019 3:57:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:56:10 PM	6/21/2019 3:56:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4045	6/21/2019 3:58:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:57:10 PM	6/21/2019 3:57:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4046	6/21/2019 3:59:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:58:10 PM	6/21/2019 3:58:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4047	6/21/2019 4:00:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 3:59:10 PM	6/21/2019 3:59:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4048	6/21/2019 4:01:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:00:10 PM	6/21/2019 4:00:10 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4049	6/21/2019 4:02:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:01:11 PM	6/21/2019 4:01:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4050	6/21/2019 4:03:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:02:11 PM	6/21/2019 4:02:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4051	6/21/2019 4:04:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:03:11 PM	6/21/2019 4:03:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4052	6/21/2019 4:05:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:04:11 PM	6/21/2019 4:04:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4053	6/21/2019 4:06:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:05:11 PM	6/21/2019 4:05:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4054	6/21/2019 4:07:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:06:11 PM	6/21/2019 4:06:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4055	6/21/2019 4:08:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:07:11 PM	6/21/2019 4:07:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4056	6/21/2019 4:09:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:08:11 PM	6/21/2019 4:08:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4057	6/21/2019 4:10:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:09:11 PM	6/21/2019 4:09:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4058	6/21/2019 4:11:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:10:11 PM	6/21/2019 4:10:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4059	6/21/2019 4:12:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:11:11 PM	6/21/2019 4:11:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4060	6/21/2019 4:13:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:12:11 PM	6/21/2019 4:12:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4061	6/21/2019 4:14:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:13:11 PM	6/21/2019 4:13:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4062	6/21/2019 4:15:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:14:11 PM	6/21/2019 4:14:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4063	6/21/2019 4:16:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:15:11 PM	6/21/2019 4:15:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4064	6/21/2019 4:17:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:16:11 PM	6/21/2019 4:16:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4065	6/21/2019 4:18:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:17:11 PM	6/21/2019 4:17:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4066	6/21/2019 4:19:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:18:11 PM	6/21/2019 4:18:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4067	6/21/2019 4:20:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:19:11 PM	6/21/2019 4:19:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4068	6/21/2019 4:21:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:20:11 PM	6/21/2019 4:20:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4069	6/21/2019 4:22:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:21:11 PM	6/21/2019 4:21:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4070	6/21/2019 4:23:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:22:11 PM	6/21/2019 4:22:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4071	6/21/2019 4:24:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:23:11 PM	6/21/2019 4:23:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4072	6/21/2019 4:25:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:24:11 PM	6/21/2019 4:24:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4073	6/21/2019 4:26:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:25:11 PM	6/21/2019 4:25:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4074	6/21/2019 4:27:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:26:11 PM	6/21/2019 4:26:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4075	6/21/2019 4:28:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:27:11 PM	6/21/2019 4:27:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4076	6/21/2019 4:29:13 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 4:28:06 PM	6/21/2019 4:28:09 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4077	6/21/2019 4:29:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:28:11 PM	6/21/2019 4:28:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4078	6/21/2019 4:30:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:29:11 PM	6/21/2019 4:29:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4079	6/21/2019 4:31:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:30:11 PM	6/21/2019 4:30:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4080	6/21/2019 4:32:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:31:11 PM	6/21/2019 4:31:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4081	6/21/2019 4:33:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:32:11 PM	6/21/2019 4:32:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4082	6/21/2019 4:34:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:33:11 PM	6/21/2019 4:33:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4083	6/21/2019 4:35:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:34:11 PM	6/21/2019 4:34:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4084	6/21/2019 4:36:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:35:11 PM	6/21/2019 4:35:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4085	6/21/2019 4:37:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:36:11 PM	6/21/2019 4:36:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4086	6/21/2019 4:38:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:37:11 PM	6/21/2019 4:37:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4087	6/21/2019 4:39:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:38:11 PM	6/21/2019 4:38:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4088	6/21/2019 4:40:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:39:11 PM	6/21/2019 4:39:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4089	6/21/2019 4:41:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:40:11 PM	6/21/2019 4:40:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4090	6/21/2019 4:42:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:41:11 PM	6/21/2019 4:41:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4091	6/21/2019 4:43:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:42:11 PM	6/21/2019 4:42:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4092	6/21/2019 4:44:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:43:11 PM	6/21/2019 4:43:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4093	6/21/2019 4:45:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:44:11 PM	6/21/2019 4:44:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4094	6/21/2019 4:46:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:45:11 PM	6/21/2019 4:45:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4095	6/21/2019 4:47:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:46:11 PM	6/21/2019 4:46:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4096	6/21/2019 4:48:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:47:11 PM	6/21/2019 4:47:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4097	6/21/2019 4:49:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:48:11 PM	6/21/2019 4:48:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4098	6/21/2019 4:50:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:49:11 PM	6/21/2019 4:49:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4099	6/21/2019 4:51:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:50:11 PM	6/21/2019 4:50:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4100	6/21/2019 4:52:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:51:11 PM	6/21/2019 4:51:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4101	6/21/2019 4:53:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:52:11 PM	6/21/2019 4:52:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4102	6/21/2019 4:54:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:53:11 PM	6/21/2019 4:53:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4103	6/21/2019 4:55:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:54:11 PM	6/21/2019 4:54:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4104	6/21/2019 4:56:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:55:11 PM	6/21/2019 4:55:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4105	6/21/2019 4:57:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:56:11 PM	6/21/2019 4:56:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4106	6/21/2019 4:58:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:57:11 PM	6/21/2019 4:57:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4107	6/21/2019 4:59:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:58:11 PM	6/21/2019 4:58:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4108	6/21/2019 5:00:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 4:59:11 PM	6/21/2019 4:59:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4109	6/21/2019 5:01:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:00:11 PM	6/21/2019 5:00:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4110	6/21/2019 5:02:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:01:11 PM	6/21/2019 5:01:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4111	6/21/2019 5:03:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:02:11 PM	6/21/2019 5:02:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4112	6/21/2019 5:04:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:03:11 PM	6/21/2019 5:03:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4113	6/21/2019 5:05:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:04:11 PM	6/21/2019 5:04:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4114	6/21/2019 5:06:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:05:11 PM	6/21/2019 5:05:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4115	6/21/2019 5:07:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:06:11 PM	6/21/2019 5:06:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4116	6/21/2019 5:08:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:07:11 PM	6/21/2019 5:07:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4117	6/21/2019 5:09:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:08:11 PM	6/21/2019 5:08:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4118	6/21/2019 5:10:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:09:11 PM	6/21/2019 5:09:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4119	6/21/2019 5:11:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:10:11 PM	6/21/2019 5:10:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4120	6/21/2019 5:12:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:11:11 PM	6/21/2019 5:11:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4121	6/21/2019 5:13:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:12:11 PM	6/21/2019 5:12:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4122	6/21/2019 5:13:36 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 5:12:14 PM	6/21/2019 5:12:32 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4123	6/21/2019 5:14:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:13:11 PM	6/21/2019 5:13:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4124	6/21/2019 5:15:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:14:11 PM	6/21/2019 5:14:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4125	6/21/2019 5:16:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:15:11 PM	6/21/2019 5:15:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4126	6/21/2019 5:17:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:16:11 PM	6/21/2019 5:16:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4127	6/21/2019 5:18:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:17:11 PM	6/21/2019 5:17:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4128	6/21/2019 5:19:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:18:11 PM	6/21/2019 5:18:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4129	6/21/2019 5:20:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:19:11 PM	6/21/2019 5:19:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4130	6/21/2019 5:20:21 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 5:19:18 PM	6/21/2019 5:19:18 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4131	6/21/2019 5:21:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:20:11 PM	6/21/2019 5:20:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4132	6/21/2019 5:22:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:21:11 PM	6/21/2019 5:21:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4133	6/21/2019 5:23:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:22:11 PM	6/21/2019 5:22:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4134	6/21/2019 5:24:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:23:11 PM	6/21/2019 5:23:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4135	6/21/2019 5:25:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:24:11 PM	6/21/2019 5:24:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4136	6/21/2019 5:26:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:25:11 PM	6/21/2019 5:25:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4137	6/21/2019 5:27:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:26:11 PM	6/21/2019 5:26:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4138	6/21/2019 5:28:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:27:11 PM	6/21/2019 5:27:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4139	6/21/2019 5:29:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:28:11 PM	6/21/2019 5:28:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4140	6/21/2019 5:30:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:29:11 PM	6/21/2019 5:29:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4141	6/21/2019 5:31:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:30:11 PM	6/21/2019 5:30:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4142	6/21/2019 5:32:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:31:11 PM	6/21/2019 5:31:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4143	6/21/2019 5:33:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:32:11 PM	6/21/2019 5:32:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4144	6/21/2019 5:34:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:33:11 PM	6/21/2019 5:33:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4145	6/21/2019 5:35:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:34:11 PM	6/21/2019 5:34:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4146	6/21/2019 5:36:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:35:11 PM	6/21/2019 5:35:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4147	6/21/2019 5:37:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:36:11 PM	6/21/2019 5:36:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4148	6/21/2019 5:38:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:37:11 PM	6/21/2019 5:37:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4149	6/21/2019 5:39:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:38:11 PM	6/21/2019 5:38:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4150	6/21/2019 5:40:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:39:11 PM	6/21/2019 5:39:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4151	6/21/2019 5:41:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:40:11 PM	6/21/2019 5:40:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4152	6/21/2019 5:42:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:41:11 PM	6/21/2019 5:41:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4153	6/21/2019 5:43:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:42:11 PM	6/21/2019 5:42:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4154	6/21/2019 5:44:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:43:11 PM	6/21/2019 5:43:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4155	6/21/2019 5:45:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:44:11 PM	6/21/2019 5:44:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4156	6/21/2019 5:46:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:45:11 PM	6/21/2019 5:45:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4157	6/21/2019 5:47:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:46:11 PM	6/21/2019 5:46:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4158	6/21/2019 5:48:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:47:11 PM	6/21/2019 5:47:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4159	6/21/2019 5:49:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:48:11 PM	6/21/2019 5:48:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4160	6/21/2019 5:50:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:49:11 PM	6/21/2019 5:49:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4161	6/21/2019 5:50:22 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="/d acproxy.dll,PerformAutochkOperations"	Create Process	0	6/21/2019 5:49:17 PM	6/21/2019 5:49:17 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4162	6/21/2019 5:51:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:50:11 PM	6/21/2019 5:50:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4163	6/21/2019 5:52:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:51:11 PM	6/21/2019 5:51:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4164	6/21/2019 5:53:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:52:11 PM	6/21/2019 5:52:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4165	6/21/2019 5:54:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:53:11 PM	6/21/2019 5:53:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4166	6/21/2019 5:55:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:54:11 PM	6/21/2019 5:54:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4167	6/21/2019 5:56:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:55:11 PM	6/21/2019 5:55:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4168	6/21/2019 5:57:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:56:11 PM	6/21/2019 5:56:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4169	6/21/2019 5:58:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:57:11 PM	6/21/2019 5:57:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4170	6/21/2019 5:59:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:58:11 PM	6/21/2019 5:58:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4171	6/21/2019 6:00:07 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 5:59:06 PM	6/21/2019 5:59:06 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4172	6/21/2019 6:00:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 5:59:11 PM	6/21/2019 5:59:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4173	6/21/2019 6:01:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:00:11 PM	6/21/2019 6:00:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4174	6/21/2019 6:02:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:01:11 PM	6/21/2019 6:01:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4175	6/21/2019 6:03:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:02:11 PM	6/21/2019 6:02:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4176	6/21/2019 6:04:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:03:11 PM	6/21/2019 6:03:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4177	6/21/2019 6:05:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:04:11 PM	6/21/2019 6:04:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4178	6/21/2019 6:06:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:05:11 PM	6/21/2019 6:05:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4179	6/21/2019 6:07:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:06:11 PM	6/21/2019 6:06:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4180	6/21/2019 6:08:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:07:11 PM	6/21/2019 6:07:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4181	6/21/2019 6:09:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:08:11 PM	6/21/2019 6:08:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4182	6/21/2019 6:10:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:09:11 PM	6/21/2019 6:09:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4183	6/21/2019 6:11:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:10:11 PM	6/21/2019 6:10:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4184	6/21/2019 6:12:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:11:11 PM	6/21/2019 6:11:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4185	6/21/2019 6:13:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:12:11 PM	6/21/2019 6:12:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4186	6/21/2019 6:14:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:13:11 PM	6/21/2019 6:13:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4187	6/21/2019 6:15:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:14:11 PM	6/21/2019 6:14:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4188	6/21/2019 6:16:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:15:11 PM	6/21/2019 6:15:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4189	6/21/2019 6:17:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:16:11 PM	6/21/2019 6:16:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4190	6/21/2019 6:18:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:17:11 PM	6/21/2019 6:17:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4191	6/21/2019 6:19:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:18:11 PM	6/21/2019 6:18:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4192	6/21/2019 6:20:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:19:11 PM	6/21/2019 6:19:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4193	6/21/2019 6:21:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:20:11 PM	6/21/2019 6:20:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4194	6/21/2019 6:22:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:21:11 PM	6/21/2019 6:21:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4195	6/21/2019 6:23:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:22:11 PM	6/21/2019 6:22:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4196	6/21/2019 6:24:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:23:11 PM	6/21/2019 6:23:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4197	6/21/2019 6:25:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:24:11 PM	6/21/2019 6:24:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4198	6/21/2019 6:26:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:25:11 PM	6/21/2019 6:25:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4199	6/21/2019 6:27:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:26:11 PM	6/21/2019 6:26:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4200	6/21/2019 6:28:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:27:11 PM	6/21/2019 6:27:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4201	6/21/2019 6:29:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:28:11 PM	6/21/2019 6:28:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4202	6/21/2019 6:30:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:29:11 PM	6/21/2019 6:29:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4203	6/21/2019 6:31:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:30:11 PM	6/21/2019 6:30:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4204	6/21/2019 6:31:40 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:30:35 PM	6/21/2019 6:30:35 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4205	6/21/2019 6:32:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:31:11 PM	6/21/2019 6:31:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4206	6/21/2019 6:33:07 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:32:04 PM	6/21/2019 6:32:04 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4207	6/21/2019 6:33:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:32:11 PM	6/21/2019 6:32:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4208	6/21/2019 6:34:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:33:11 PM	6/21/2019 6:33:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4209	6/21/2019 6:34:19 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:33:16 PM	6/21/2019 6:33:16 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4210	6/21/2019 6:35:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:34:11 PM	6/21/2019 6:34:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4211	6/21/2019 6:36:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:35:11 PM	6/21/2019 6:35:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4212	6/21/2019 6:36:17 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:35:14 PM	6/21/2019 6:35:14 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4213	6/21/2019 6:37:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:36:11 PM	6/21/2019 6:36:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4214	6/21/2019 6:38:10 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:37:05 PM	6/21/2019 6:37:05 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4215	6/21/2019 6:38:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:37:11 PM	6/21/2019 6:37:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4216	6/21/2019 6:39:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:38:11 PM	6/21/2019 6:38:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4217	6/21/2019 6:40:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:39:11 PM	6/21/2019 6:39:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4218	6/21/2019 6:40:54 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:39:54 PM	6/21/2019 6:39:54 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4219	6/21/2019 6:41:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:40:11 PM	6/21/2019 6:40:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4220	6/21/2019 6:42:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:41:11 PM	6/21/2019 6:41:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4221	6/21/2019 6:42:42 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:41:40 PM	6/21/2019 6:41:40 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4222	6/21/2019 6:43:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:42:11 PM	6/21/2019 6:42:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4223	6/21/2019 6:44:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:43:11 PM	6/21/2019 6:43:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4224	6/21/2019 6:45:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:44:11 PM	6/21/2019 6:44:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4225	6/21/2019 6:46:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:45:11 PM	6/21/2019 6:45:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4226	6/21/2019 6:46:59 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:45:54 PM	6/21/2019 6:45:54 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4227	6/21/2019 6:47:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:46:11 PM	6/21/2019 6:46:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4228	6/21/2019 6:48:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:47:11 PM	6/21/2019 6:47:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4229	6/21/2019 6:48:16 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:47:13 PM	6/21/2019 6:47:13 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4230	6/21/2019 6:49:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:48:11 PM	6/21/2019 6:48:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4231	6/21/2019 6:50:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:49:11 PM	6/21/2019 6:49:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4232	6/21/2019 6:51:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:50:11 PM	6/21/2019 6:50:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4233	6/21/2019 6:52:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:51:11 PM	6/21/2019 6:51:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4234	6/21/2019 6:52:38 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:51:33 PM	6/21/2019 6:51:33 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4235	6/21/2019 6:53:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:52:11 PM	6/21/2019 6:52:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4236	6/21/2019 6:54:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:53:11 PM	6/21/2019 6:53:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4237	6/21/2019 6:55:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:54:11 PM	6/21/2019 6:54:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4238	6/21/2019 6:56:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:55:11 PM	6/21/2019 6:55:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4239	6/21/2019 6:57:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:56:11 PM	6/21/2019 6:56:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4240	6/21/2019 6:58:07 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:57:05 PM	6/21/2019 6:57:05 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4241	6/21/2019 6:58:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:57:11 PM	6/21/2019 6:57:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4242	6/21/2019 6:59:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:58:11 PM	6/21/2019 6:58:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4243	6/21/2019 7:00:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 6:59:11 PM	6/21/2019 6:59:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4244	6/21/2019 7:00:51 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 6:59:49 PM	6/21/2019 6:59:49 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4245	6/21/2019 7:01:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:00:11 PM	6/21/2019 7:00:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4246	6/21/2019 7:02:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:01:11 PM	6/21/2019 7:01:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4247	6/21/2019 7:03:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:02:11 PM	6/21/2019 7:02:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4248	6/21/2019 7:04:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:03:11 PM	6/21/2019 7:03:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4249	6/21/2019 7:05:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:04:11 PM	6/21/2019 7:04:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4250	6/21/2019 7:06:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:05:11 PM	6/21/2019 7:05:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4251	6/21/2019 7:07:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:06:11 PM	6/21/2019 7:06:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4252	6/21/2019 7:08:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:07:11 PM	6/21/2019 7:07:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4253	6/21/2019 7:09:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:08:11 PM	6/21/2019 7:08:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4254	6/21/2019 7:10:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:09:11 PM	6/21/2019 7:09:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4255	6/21/2019 7:11:01 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 7:10:00 PM	6/21/2019 7:10:00 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4256	6/21/2019 7:11:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:10:11 PM	6/21/2019 7:10:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4257	6/21/2019 7:12:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:11:11 PM	6/21/2019 7:11:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4258	6/21/2019 7:13:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:12:11 PM	6/21/2019 7:12:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4259	6/21/2019 7:14:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:13:11 PM	6/21/2019 7:13:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4260	6/21/2019 7:15:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:14:11 PM	6/21/2019 7:14:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4261	6/21/2019 7:16:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:15:11 PM	6/21/2019 7:15:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4262	6/21/2019 7:17:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:16:11 PM	6/21/2019 7:16:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4263	6/21/2019 7:18:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:17:11 PM	6/21/2019 7:17:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4264	6/21/2019 7:19:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:18:11 PM	6/21/2019 7:18:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4265	6/21/2019 7:20:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:19:11 PM	6/21/2019 7:19:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4266	6/21/2019 7:21:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:20:11 PM	6/21/2019 7:20:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4267	6/21/2019 7:22:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:21:11 PM	6/21/2019 7:21:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4268	6/21/2019 7:23:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:22:11 PM	6/21/2019 7:22:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4269	6/21/2019 7:24:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:23:11 PM	6/21/2019 7:23:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4270	6/21/2019 7:25:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:24:11 PM	6/21/2019 7:24:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4271	6/21/2019 7:26:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:25:11 PM	6/21/2019 7:25:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4272	6/21/2019 7:27:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:26:11 PM	6/21/2019 7:26:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4273	6/21/2019 7:28:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:27:11 PM	6/21/2019 7:27:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4274	6/21/2019 7:29:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:28:11 PM	6/21/2019 7:28:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4275	6/21/2019 7:30:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:29:11 PM	6/21/2019 7:29:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4276	6/21/2019 7:31:07 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 7:30:06 PM	6/21/2019 7:30:07 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4277	6/21/2019 7:31:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:30:11 PM	6/21/2019 7:30:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4278	6/21/2019 7:32:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:31:11 PM	6/21/2019 7:31:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4279	6/21/2019 7:33:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:32:11 PM	6/21/2019 7:32:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4280	6/21/2019 7:34:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:33:11 PM	6/21/2019 7:33:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4281	6/21/2019 7:35:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:34:11 PM	6/21/2019 7:34:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4282	6/21/2019 7:36:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:35:11 PM	6/21/2019 7:35:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4283	6/21/2019 7:37:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:36:11 PM	6/21/2019 7:36:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4284	6/21/2019 7:38:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:37:11 PM	6/21/2019 7:37:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4285	6/21/2019 7:39:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:38:11 PM	6/21/2019 7:38:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4286	6/21/2019 7:40:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:39:11 PM	6/21/2019 7:39:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4287	6/21/2019 7:41:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:40:11 PM	6/21/2019 7:40:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4288	6/21/2019 7:42:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:41:11 PM	6/21/2019 7:41:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4289	6/21/2019 7:43:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:42:11 PM	6/21/2019 7:42:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4290	6/21/2019 7:44:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:43:11 PM	6/21/2019 7:43:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4291	6/21/2019 7:45:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:44:11 PM	6/21/2019 7:44:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4292	6/21/2019 7:46:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:45:11 PM	6/21/2019 7:45:11 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4293	6/21/2019 7:47:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:46:12 PM	6/21/2019 7:46:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4294	6/21/2019 7:48:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:47:12 PM	6/21/2019 7:47:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4295	6/21/2019 7:49:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:48:12 PM	6/21/2019 7:48:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4296	6/21/2019 7:50:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:49:12 PM	6/21/2019 7:49:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4297	6/21/2019 7:51:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:50:12 PM	6/21/2019 7:50:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4298	6/21/2019 7:52:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:51:12 PM	6/21/2019 7:51:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4299	6/21/2019 7:53:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:52:12 PM	6/21/2019 7:52:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4300	6/21/2019 7:54:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:53:12 PM	6/21/2019 7:53:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4301	6/21/2019 7:55:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:54:12 PM	6/21/2019 7:54:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4302	6/21/2019 7:56:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:55:12 PM	6/21/2019 7:55:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4303	6/21/2019 7:57:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:56:12 PM	6/21/2019 7:56:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4304	6/21/2019 7:58:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:57:12 PM	6/21/2019 7:57:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4305	6/21/2019 7:59:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:58:12 PM	6/21/2019 7:58:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4306	6/21/2019 8:00:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 7:59:12 PM	6/21/2019 7:59:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4307	6/21/2019 8:01:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:00:12 PM	6/21/2019 8:00:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4308	6/21/2019 8:02:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:01:12 PM	6/21/2019 8:01:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4309	6/21/2019 8:03:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:02:12 PM	6/21/2019 8:02:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4310	6/21/2019 8:04:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:03:12 PM	6/21/2019 8:03:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4311	6/21/2019 8:05:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:04:12 PM	6/21/2019 8:04:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4312	6/21/2019 8:06:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:05:12 PM	6/21/2019 8:05:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4313	6/21/2019 8:07:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:06:12 PM	6/21/2019 8:06:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4314	6/21/2019 8:07:47 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 8:06:42 PM	6/21/2019 8:06:43 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4315	6/21/2019 8:08:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:07:12 PM	6/21/2019 8:07:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4316	6/21/2019 8:09:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:08:12 PM	6/21/2019 8:08:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4317	6/21/2019 8:10:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:09:12 PM	6/21/2019 8:09:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4318	6/21/2019 8:11:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:10:12 PM	6/21/2019 8:10:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4319	6/21/2019 8:12:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:11:12 PM	6/21/2019 8:11:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4320	6/21/2019 8:13:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:12:12 PM	6/21/2019 8:12:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4321	6/21/2019 8:14:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:13:12 PM	6/21/2019 8:13:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4322	6/21/2019 8:15:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:14:12 PM	6/21/2019 8:14:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4323	6/21/2019 8:16:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:15:12 PM	6/21/2019 8:15:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4324	6/21/2019 8:17:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:16:12 PM	6/21/2019 8:16:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4325	6/21/2019 8:18:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:17:12 PM	6/21/2019 8:17:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4326	6/21/2019 8:19:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:18:12 PM	6/21/2019 8:18:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4327	6/21/2019 8:20:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:19:12 PM	6/21/2019 8:19:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4328	6/21/2019 8:21:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:20:12 PM	6/21/2019 8:20:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4329	6/21/2019 8:22:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:21:12 PM	6/21/2019 8:21:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4330	6/21/2019 8:23:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:22:12 PM	6/21/2019 8:22:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4331	6/21/2019 8:24:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:23:12 PM	6/21/2019 8:23:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4332	6/21/2019 8:25:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:24:12 PM	6/21/2019 8:24:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4333	6/21/2019 8:26:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:25:12 PM	6/21/2019 8:25:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4334	6/21/2019 8:27:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:26:12 PM	6/21/2019 8:26:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4335	6/21/2019 8:28:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:27:12 PM	6/21/2019 8:27:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4336	6/21/2019 8:29:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:28:12 PM	6/21/2019 8:28:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4337	6/21/2019 8:30:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:29:12 PM	6/21/2019 8:29:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4338	6/21/2019 8:31:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:30:12 PM	6/21/2019 8:30:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4339	6/21/2019 8:32:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:31:12 PM	6/21/2019 8:31:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4340	6/21/2019 8:33:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:32:12 PM	6/21/2019 8:32:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4341	6/21/2019 8:34:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:33:12 PM	6/21/2019 8:33:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4342	6/21/2019 8:35:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:34:12 PM	6/21/2019 8:34:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4343	6/21/2019 8:36:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:35:12 PM	6/21/2019 8:35:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4344	6/21/2019 8:37:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:36:12 PM	6/21/2019 8:36:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4345	6/21/2019 8:38:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:37:12 PM	6/21/2019 8:37:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4346	6/21/2019 8:39:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:38:12 PM	6/21/2019 8:38:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4347	6/21/2019 8:40:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:39:12 PM	6/21/2019 8:39:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4348	6/21/2019 8:41:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:40:12 PM	6/21/2019 8:40:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4349	6/21/2019 8:42:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:41:12 PM	6/21/2019 8:41:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4350	6/21/2019 8:43:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:42:12 PM	6/21/2019 8:42:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4351	6/21/2019 8:44:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:43:12 PM	6/21/2019 8:43:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4352	6/21/2019 8:45:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:44:12 PM	6/21/2019 8:44:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4353	6/21/2019 8:46:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:45:12 PM	6/21/2019 8:45:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4354	6/21/2019 8:47:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:46:12 PM	6/21/2019 8:46:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4355	6/21/2019 8:47:28 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 8:46:19 PM	6/21/2019 8:46:25 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4356	6/21/2019 8:48:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:47:12 PM	6/21/2019 8:47:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4357	6/21/2019 8:49:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:48:12 PM	6/21/2019 8:48:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4358	6/21/2019 8:50:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:49:12 PM	6/21/2019 8:49:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4359	6/21/2019 8:51:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:50:12 PM	6/21/2019 8:50:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4360	6/21/2019 8:52:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:51:12 PM	6/21/2019 8:51:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4361	6/21/2019 8:53:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:52:12 PM	6/21/2019 8:52:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4362	6/21/2019 8:54:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:53:12 PM	6/21/2019 8:53:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4363	6/21/2019 8:55:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:54:12 PM	6/21/2019 8:54:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4364	6/21/2019 8:56:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:55:12 PM	6/21/2019 8:55:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4365	6/21/2019 8:57:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:56:12 PM	6/21/2019 8:56:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4366	6/21/2019 8:58:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:57:12 PM	6/21/2019 8:57:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4367	6/21/2019 8:59:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:58:12 PM	6/21/2019 8:58:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4368	6/21/2019 9:00:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 8:59:12 PM	6/21/2019 8:59:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4369	6/21/2019 9:01:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:00:12 PM	6/21/2019 9:00:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4370	6/21/2019 9:02:10 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 9:01:05 PM	6/21/2019 9:01:06 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4371	6/21/2019 9:02:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:01:12 PM	6/21/2019 9:01:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4372	6/21/2019 9:03:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:02:12 PM	6/21/2019 9:02:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4373	6/21/2019 9:04:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:03:12 PM	6/21/2019 9:03:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4374	6/21/2019 9:05:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:04:12 PM	6/21/2019 9:04:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4375	6/21/2019 9:06:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:05:12 PM	6/21/2019 9:05:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4376	6/21/2019 9:07:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:06:12 PM	6/21/2019 9:06:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4377	6/21/2019 9:08:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:07:12 PM	6/21/2019 9:07:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4378	6/21/2019 9:09:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:08:12 PM	6/21/2019 9:08:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4379	6/21/2019 9:10:13 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 9:09:11 PM	6/21/2019 9:09:12 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4380	6/21/2019 9:10:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:09:12 PM	6/21/2019 9:09:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4381	6/21/2019 9:11:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:10:12 PM	6/21/2019 9:10:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4382	6/21/2019 9:12:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:11:12 PM	6/21/2019 9:11:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4383	6/21/2019 9:13:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:12:12 PM	6/21/2019 9:12:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4384	6/21/2019 9:14:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:13:12 PM	6/21/2019 9:13:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4385	6/21/2019 9:15:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:14:12 PM	6/21/2019 9:14:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4386	6/21/2019 9:16:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:15:12 PM	6/21/2019 9:15:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4387	6/21/2019 9:17:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:16:12 PM	6/21/2019 9:16:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4388	6/21/2019 9:18:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:17:12 PM	6/21/2019 9:17:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4389	6/21/2019 9:19:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:18:12 PM	6/21/2019 9:18:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4390	6/21/2019 9:20:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:19:12 PM	6/21/2019 9:19:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4391	6/21/2019 9:21:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:20:12 PM	6/21/2019 9:20:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4392	6/21/2019 9:22:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:21:12 PM	6/21/2019 9:21:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4393	6/21/2019 9:23:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:22:12 PM	6/21/2019 9:22:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4394	6/21/2019 9:24:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:23:12 PM	6/21/2019 9:23:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4395	6/21/2019 9:25:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:24:12 PM	6/21/2019 9:24:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4396	6/21/2019 9:26:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:25:12 PM	6/21/2019 9:25:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4397	6/21/2019 9:27:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:26:12 PM	6/21/2019 9:26:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4398	6/21/2019 9:28:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:27:12 PM	6/21/2019 9:27:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4399	6/21/2019 9:29:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:28:12 PM	6/21/2019 9:28:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4400	6/21/2019 9:30:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:29:12 PM	6/21/2019 9:29:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4401	6/21/2019 9:31:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:30:12 PM	6/21/2019 9:30:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4402	6/21/2019 9:32:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:31:12 PM	6/21/2019 9:31:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4403	6/21/2019 9:33:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:32:12 PM	6/21/2019 9:32:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4404	6/21/2019 9:34:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:33:12 PM	6/21/2019 9:33:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4405	6/21/2019 9:35:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:34:12 PM	6/21/2019 9:34:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4406	6/21/2019 9:36:13 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 9:35:10 PM	6/21/2019 9:35:10 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4407	6/21/2019 9:36:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:35:12 PM	6/21/2019 9:35:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4408	6/21/2019 9:37:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:36:12 PM	6/21/2019 9:36:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4409	6/21/2019 9:38:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:37:12 PM	6/21/2019 9:37:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4410	6/21/2019 9:39:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:38:12 PM	6/21/2019 9:38:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4411	6/21/2019 9:40:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:39:12 PM	6/21/2019 9:39:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4412	6/21/2019 9:41:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:40:12 PM	6/21/2019 9:40:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4413	6/21/2019 9:42:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:41:12 PM	6/21/2019 9:41:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4414	6/21/2019 9:43:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:42:12 PM	6/21/2019 9:42:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4415	6/21/2019 9:44:06 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 9:43:05 PM	6/21/2019 9:43:05 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4416	6/21/2019 9:44:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:43:12 PM	6/21/2019 9:43:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4417	6/21/2019 9:45:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:44:12 PM	6/21/2019 9:44:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4418	6/21/2019 9:46:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:45:12 PM	6/21/2019 9:45:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4419	6/21/2019 9:47:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:46:12 PM	6/21/2019 9:46:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4420	6/21/2019 9:48:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:47:12 PM	6/21/2019 9:47:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4421	6/21/2019 9:49:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:48:12 PM	6/21/2019 9:48:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4422	6/21/2019 9:50:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:49:12 PM	6/21/2019 9:49:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4423	6/21/2019 9:51:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:50:12 PM	6/21/2019 9:50:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4424	6/21/2019 9:52:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:51:12 PM	6/21/2019 9:51:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4425	6/21/2019 9:53:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:52:12 PM	6/21/2019 9:52:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4426	6/21/2019 9:54:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:53:12 PM	6/21/2019 9:53:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4427	6/21/2019 9:55:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:54:12 PM	6/21/2019 9:54:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4428	6/21/2019 9:56:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:55:12 PM	6/21/2019 9:55:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4429	6/21/2019 9:57:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:56:12 PM	6/21/2019 9:56:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4430	6/21/2019 9:58:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:57:12 PM	6/21/2019 9:57:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4431	6/21/2019 9:59:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:58:12 PM	6/21/2019 9:58:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4432	6/21/2019 10:00:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 9:59:12 PM	6/21/2019 9:59:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4433	6/21/2019 10:01:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:00:12 PM	6/21/2019 10:00:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4434	6/21/2019 10:02:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:01:12 PM	6/21/2019 10:01:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4435	6/21/2019 10:03:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:02:12 PM	6/21/2019 10:02:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4436	6/21/2019 10:04:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:03:12 PM	6/21/2019 10:03:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4437	6/21/2019 10:05:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:04:12 PM	6/21/2019 10:04:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4438	6/21/2019 10:06:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:05:12 PM	6/21/2019 10:05:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4439	6/21/2019 10:06:24 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 10:05:23 PM	6/21/2019 10:05:23 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4440	6/21/2019 10:07:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:06:12 PM	6/21/2019 10:06:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4441	6/21/2019 10:08:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:07:12 PM	6/21/2019 10:07:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4442	6/21/2019 10:09:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:08:12 PM	6/21/2019 10:08:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4443	6/21/2019 10:10:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:09:12 PM	6/21/2019 10:09:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4444	6/21/2019 10:11:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:10:12 PM	6/21/2019 10:10:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4445	6/21/2019 10:12:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:11:12 PM	6/21/2019 10:11:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4446	6/21/2019 10:13:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:12:12 PM	6/21/2019 10:12:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4447	6/21/2019 10:14:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:13:12 PM	6/21/2019 10:13:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4448	6/21/2019 10:15:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:14:12 PM	6/21/2019 10:14:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4449	6/21/2019 10:16:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:15:12 PM	6/21/2019 10:15:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4450	6/21/2019 10:17:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:16:12 PM	6/21/2019 10:16:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4451	6/21/2019 10:18:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:17:12 PM	6/21/2019 10:17:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4452	6/21/2019 10:19:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:18:12 PM	6/21/2019 10:18:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4453	6/21/2019 10:20:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:19:12 PM	6/21/2019 10:19:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4454	6/21/2019 10:21:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:20:12 PM	6/21/2019 10:20:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4455	6/21/2019 10:22:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:21:12 PM	6/21/2019 10:21:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4456	6/21/2019 10:23:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:22:12 PM	6/21/2019 10:22:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4457	6/21/2019 10:24:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:23:12 PM	6/21/2019 10:23:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4458	6/21/2019 10:25:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:24:12 PM	6/21/2019 10:24:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4459	6/21/2019 10:26:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:25:12 PM	6/21/2019 10:25:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4460	6/21/2019 10:27:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:26:12 PM	6/21/2019 10:26:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4461	6/21/2019 10:28:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:27:12 PM	6/21/2019 10:27:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4462	6/21/2019 10:29:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:28:12 PM	6/21/2019 10:28:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4463	6/21/2019 10:30:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:29:12 PM	6/21/2019 10:29:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4464	6/21/2019 10:31:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:30:12 PM	6/21/2019 10:30:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4465	6/21/2019 10:32:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:31:12 PM	6/21/2019 10:31:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4466	6/21/2019 10:33:08 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 10:32:06 PM	6/21/2019 10:32:06 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4467	6/21/2019 10:33:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:32:12 PM	6/21/2019 10:32:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4468	6/21/2019 10:34:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:33:12 PM	6/21/2019 10:33:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4469	6/21/2019 10:35:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:34:12 PM	6/21/2019 10:34:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4470	6/21/2019 10:36:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:35:12 PM	6/21/2019 10:35:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4471	6/21/2019 10:37:18 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:36:12 PM	6/21/2019 10:36:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4472	6/21/2019 10:38:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:37:12 PM	6/21/2019 10:37:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4473	6/21/2019 10:39:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:38:12 PM	6/21/2019 10:38:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4474	6/21/2019 10:40:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:39:12 PM	6/21/2019 10:39:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4475	6/21/2019 10:41:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:40:12 PM	6/21/2019 10:40:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4476	6/21/2019 10:42:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:41:12 PM	6/21/2019 10:41:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4477	6/21/2019 10:43:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:42:12 PM	6/21/2019 10:42:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4478	6/21/2019 10:44:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:43:12 PM	6/21/2019 10:43:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4479	6/21/2019 10:45:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:44:12 PM	6/21/2019 10:44:12 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4480	6/21/2019 10:46:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:45:13 PM	6/21/2019 10:45:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4481	6/21/2019 10:47:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:46:13 PM	6/21/2019 10:46:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4482	6/21/2019 10:48:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:47:13 PM	6/21/2019 10:47:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4483	6/21/2019 10:49:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:48:13 PM	6/21/2019 10:48:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4484	6/21/2019 10:50:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:49:13 PM	6/21/2019 10:49:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4485	6/21/2019 10:51:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:50:13 PM	6/21/2019 10:50:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4486	6/21/2019 10:52:02 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 10:50:58 PM	6/21/2019 10:50:58 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4487	6/21/2019 10:52:18 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:51:13 PM	6/21/2019 10:51:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4488	6/21/2019 10:53:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:52:13 PM	6/21/2019 10:52:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4489	6/21/2019 10:53:55 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 10:52:53 PM	6/21/2019 10:52:53 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4490	6/21/2019 10:54:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:53:13 PM	6/21/2019 10:53:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4491	6/21/2019 10:55:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:54:13 PM	6/21/2019 10:54:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4492	6/21/2019 10:56:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:55:13 PM	6/21/2019 10:55:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4493	6/21/2019 10:57:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:56:13 PM	6/21/2019 10:56:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4494	6/21/2019 10:58:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:57:13 PM	6/21/2019 10:57:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4495	6/21/2019 10:59:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:58:13 PM	6/21/2019 10:58:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4496	6/21/2019 11:00:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 10:59:13 PM	6/21/2019 10:59:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4497	6/21/2019 11:01:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:00:13 PM	6/21/2019 11:00:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4498	6/21/2019 11:02:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:01:13 PM	6/21/2019 11:01:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4499	6/21/2019 11:03:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:02:13 PM	6/21/2019 11:02:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4500	6/21/2019 11:04:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:03:13 PM	6/21/2019 11:03:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4501	6/21/2019 11:05:18 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:04:13 PM	6/21/2019 11:04:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4502	6/21/2019 11:06:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:05:13 PM	6/21/2019 11:05:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4503	6/21/2019 11:07:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:06:13 PM	6/21/2019 11:06:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4504	6/21/2019 11:07:46 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:06:43 PM	6/21/2019 11:06:43 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4505	6/21/2019 11:07:52 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 11:06:47 PM	6/21/2019 11:06:47 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4506	6/21/2019 11:08:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:07:13 PM	6/21/2019 11:07:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4507	6/21/2019 11:09:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:08:13 PM	6/21/2019 11:08:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4508	6/21/2019 11:10:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:09:13 PM	6/21/2019 11:09:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4509	6/21/2019 11:11:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:10:13 PM	6/21/2019 11:10:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4510	6/21/2019 11:12:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:11:13 PM	6/21/2019 11:11:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4511	6/21/2019 11:13:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:12:13 PM	6/21/2019 11:12:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4512	6/21/2019 11:14:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:13:13 PM	6/21/2019 11:13:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4513	6/21/2019 11:15:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:14:13 PM	6/21/2019 11:14:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4514	6/21/2019 11:16:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:15:13 PM	6/21/2019 11:15:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4515	6/21/2019 11:17:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:16:13 PM	6/21/2019 11:16:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4516	6/21/2019 11:18:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:17:13 PM	6/21/2019 11:17:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4517	6/21/2019 11:19:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:18:13 PM	6/21/2019 11:18:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4518	6/21/2019 11:20:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:19:13 PM	6/21/2019 11:19:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4519	6/21/2019 11:20:31 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 11:19:27 PM	6/21/2019 11:19:27 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4520	6/21/2019 11:21:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:20:13 PM	6/21/2019 11:20:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4521	6/21/2019 11:22:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:21:13 PM	6/21/2019 11:21:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4522	6/21/2019 11:23:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:22:13 PM	6/21/2019 11:22:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4523	6/21/2019 11:24:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:23:13 PM	6/21/2019 11:23:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4524	6/21/2019 11:25:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:24:13 PM	6/21/2019 11:24:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4525	6/21/2019 11:25:34 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 11:24:33 PM	6/21/2019 11:24:33 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4526	6/21/2019 11:26:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:25:13 PM	6/21/2019 11:25:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4527	6/21/2019 11:27:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:26:13 PM	6/21/2019 11:26:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4528	6/21/2019 11:28:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:27:13 PM	6/21/2019 11:27:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4529	6/21/2019 11:29:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:28:13 PM	6/21/2019 11:28:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4530	6/21/2019 11:30:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:29:13 PM	6/21/2019 11:29:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4531	6/21/2019 11:31:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:30:13 PM	6/21/2019 11:30:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4532	6/21/2019 11:32:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:31:13 PM	6/21/2019 11:31:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4533	6/21/2019 11:33:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:32:13 PM	6/21/2019 11:32:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4534	6/21/2019 11:34:18 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:33:13 PM	6/21/2019 11:33:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4535	6/21/2019 11:35:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:34:13 PM	6/21/2019 11:34:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4536	6/21/2019 11:36:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:35:13 PM	6/21/2019 11:35:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4537	6/21/2019 11:37:18 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:36:13 PM	6/21/2019 11:36:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4538	6/21/2019 11:38:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:37:13 PM	6/21/2019 11:37:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4539	6/21/2019 11:39:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:38:13 PM	6/21/2019 11:38:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4540	6/21/2019 11:40:18 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:39:13 PM	6/21/2019 11:39:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4541	6/21/2019 11:40:28 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:39:26 PM	6/21/2019 11:39:27 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4542	6/21/2019 11:41:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:40:13 PM	6/21/2019 11:40:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4543	6/21/2019 11:41:55 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/21/2019 11:40:50 PM	6/21/2019 11:40:50 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4544	6/21/2019 11:42:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:41:13 PM	6/21/2019 11:41:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4545	6/21/2019 11:43:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:42:13 PM	6/21/2019 11:42:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4546	6/21/2019 11:44:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:43:13 PM	6/21/2019 11:43:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4547	6/21/2019 11:45:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:44:13 PM	6/21/2019 11:44:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4548	6/21/2019 11:45:41 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/21/2019 11:44:41 PM	6/21/2019 11:44:41 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4549	6/21/2019 11:46:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:45:13 PM	6/21/2019 11:45:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4550	6/21/2019 11:47:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:46:13 PM	6/21/2019 11:46:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4551	6/21/2019 11:48:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:47:13 PM	6/21/2019 11:47:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4552	6/21/2019 11:49:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:48:13 PM	6/21/2019 11:48:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4553	6/21/2019 11:50:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:49:13 PM	6/21/2019 11:49:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4554	6/21/2019 11:51:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:50:13 PM	6/21/2019 11:50:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4555	6/21/2019 11:52:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:51:13 PM	6/21/2019 11:51:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4556	6/21/2019 11:53:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:52:13 PM	6/21/2019 11:52:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4557	6/21/2019 11:54:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:53:13 PM	6/21/2019 11:53:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4558	6/21/2019 11:55:17 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:54:13 PM	6/21/2019 11:54:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4559	6/21/2019 11:56:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:55:13 PM	6/21/2019 11:55:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4560	6/21/2019 11:57:15 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:56:13 PM	6/21/2019 11:56:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4561	6/21/2019 11:58:16 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:57:13 PM	6/21/2019 11:57:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4562	6/21/2019 11:59:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:58:13 PM	6/21/2019 11:58:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4563	6/22/2019 12:00:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/21/2019 11:59:13 PM	6/21/2019 11:59:13 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4564	6/22/2019 12:01:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:00:13 AM	6/22/2019 12:00:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4565	6/22/2019 12:02:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:01:13 AM	6/22/2019 12:01:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4566	6/22/2019 12:03:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:02:13 AM	6/22/2019 12:02:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4567	6/22/2019 12:04:11 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/22/2019 12:03:05 AM	6/22/2019 12:03:06 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4568	6/22/2019 12:04:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:03:13 AM	6/22/2019 12:03:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4569	6/22/2019 12:05:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:04:13 AM	6/22/2019 12:04:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4570	6/22/2019 12:06:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:05:13 AM	6/22/2019 12:05:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4571	6/22/2019 12:07:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:06:13 AM	6/22/2019 12:06:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4572	6/22/2019 12:08:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:07:13 AM	6/22/2019 12:07:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4573	6/22/2019 12:09:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:08:13 AM	6/22/2019 12:08:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4574	6/22/2019 12:10:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:09:13 AM	6/22/2019 12:09:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4575	6/22/2019 12:11:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:10:13 AM	6/22/2019 12:10:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4576	6/22/2019 12:12:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:11:13 AM	6/22/2019 12:11:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4577	6/22/2019 12:13:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:12:13 AM	6/22/2019 12:12:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4578	6/22/2019 12:14:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:13:13 AM	6/22/2019 12:13:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4579	6/22/2019 12:15:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:14:13 AM	6/22/2019 12:14:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4580	6/22/2019 12:16:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:15:13 AM	6/22/2019 12:15:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4581	6/22/2019 12:17:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:16:13 AM	6/22/2019 12:16:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4582	6/22/2019 12:18:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:17:13 AM	6/22/2019 12:17:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4583	6/22/2019 12:19:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:18:13 AM	6/22/2019 12:18:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4584	6/22/2019 12:20:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:19:13 AM	6/22/2019 12:19:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4585	6/22/2019 12:21:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:20:13 AM	6/22/2019 12:20:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4586	6/22/2019 12:22:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:21:13 AM	6/22/2019 12:21:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4587	6/22/2019 12:23:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:22:13 AM	6/22/2019 12:22:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4588	6/22/2019 12:24:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:23:13 AM	6/22/2019 12:23:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4589	6/22/2019 12:25:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:24:13 AM	6/22/2019 12:24:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4590	6/22/2019 12:26:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:25:13 AM	6/22/2019 12:25:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4591	6/22/2019 12:27:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:26:13 AM	6/22/2019 12:26:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4592	6/22/2019 12:28:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:27:13 AM	6/22/2019 12:27:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4593	6/22/2019 12:29:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:28:13 AM	6/22/2019 12:28:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4594	6/22/2019 12:30:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:29:13 AM	6/22/2019 12:29:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4595	6/22/2019 12:31:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:30:13 AM	6/22/2019 12:30:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4596	6/22/2019 12:32:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:31:13 AM	6/22/2019 12:31:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4597	6/22/2019 12:33:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:32:13 AM	6/22/2019 12:32:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4598	6/22/2019 12:34:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:33:13 AM	6/22/2019 12:33:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4599	6/22/2019 12:35:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:34:13 AM	6/22/2019 12:34:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4600	6/22/2019 12:36:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:35:13 AM	6/22/2019 12:35:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4601	6/22/2019 12:37:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:36:13 AM	6/22/2019 12:36:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4602	6/22/2019 12:38:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:37:13 AM	6/22/2019 12:37:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4603	6/22/2019 12:39:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:38:13 AM	6/22/2019 12:38:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4604	6/22/2019 12:40:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:39:13 AM	6/22/2019 12:39:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4605	6/22/2019 12:41:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:40:13 AM	6/22/2019 12:40:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4606	6/22/2019 12:42:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:41:13 AM	6/22/2019 12:41:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4607	6/22/2019 12:43:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:42:13 AM	6/22/2019 12:42:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4608	6/22/2019 12:44:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:43:13 AM	6/22/2019 12:43:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4609	6/22/2019 12:44:23 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/22/2019 12:43:19 AM	6/22/2019 12:43:19 AM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4610	6/22/2019 12:45:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:44:13 AM	6/22/2019 12:44:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4611	6/22/2019 12:46:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:45:13 AM	6/22/2019 12:45:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4612	6/22/2019 12:47:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:46:13 AM	6/22/2019 12:46:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4613	6/22/2019 12:48:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:47:13 AM	6/22/2019 12:47:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4614	6/22/2019 12:49:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:48:13 AM	6/22/2019 12:48:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4615	6/22/2019 12:50:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:49:13 AM	6/22/2019 12:49:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4616	6/22/2019 12:51:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:50:13 AM	6/22/2019 12:50:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4617	6/22/2019 12:52:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:51:13 AM	6/22/2019 12:51:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4618	6/22/2019 12:53:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:52:13 AM	6/22/2019 12:52:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4619	6/22/2019 12:53:53 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/22/2019 12:52:53 AM	6/22/2019 12:52:53 AM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4620	6/22/2019 12:54:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:53:13 AM	6/22/2019 12:53:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4621	6/22/2019 12:55:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:54:13 AM	6/22/2019 12:54:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4622	6/22/2019 12:56:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:55:13 AM	6/22/2019 12:55:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4623	6/22/2019 12:57:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:56:13 AM	6/22/2019 12:56:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4624	6/22/2019 12:58:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:57:13 AM	6/22/2019 12:57:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4625	6/22/2019 12:59:17 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:58:13 AM	6/22/2019 12:58:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4626	6/22/2019 1:00:13 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 12:59:13 AM	6/22/2019 12:59:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4627	6/22/2019 1:01:15 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:00:13 AM	6/22/2019 1:00:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4628	6/22/2019 1:02:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:01:13 AM	6/22/2019 1:01:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4629	6/22/2019 1:03:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:02:13 AM	6/22/2019 1:02:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4630	6/22/2019 1:04:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:03:13 AM	6/22/2019 1:03:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4631	6/22/2019 1:04:40 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/22/2019 1:03:18 AM	6/22/2019 1:03:37 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4632	6/22/2019 1:05:16 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:04:13 AM	6/22/2019 1:04:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4633	6/22/2019 1:06:18 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:05:13 AM	6/22/2019 1:05:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4634	6/22/2019 1:07:14 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:06:13 AM	6/22/2019 1:06:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4635	6/24/2019 9:03:34 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/22/2019 1:07:13 AM	6/22/2019 1:07:13 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4636	6/24/2019 9:03:34 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/22/2019 1:07:38 AM	6/22/2019 1:07:38 AM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4637	6/24/2019 9:05:06 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="NVCPL.DLL,NvStartupRunOnEachSessionUserAccount"	Create Process	0	6/24/2019 9:04:02 AM	6/24/2019 9:04:02 AM	LockDown	0.0.0.0	9192	C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4638	6/24/2019 9:05:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:04:00 AM	6/24/2019 9:04:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	0.0.0.0	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4639	6/24/2019 9:06:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:05:06 AM	6/24/2019 9:05:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4640	6/24/2019 9:07:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:06:06 AM	6/24/2019 9:06:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4641	6/24/2019 9:08:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:07:06 AM	6/24/2019 9:07:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4642	6/24/2019 9:08:20 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding"	Create Process	0	6/24/2019 9:07:19 AM	6/24/2019 9:07:19 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4643	6/24/2019 9:08:26 AM	User Event	0	Block	Production	Autorun has been blocked.  Check the Control Log for more details. - Caller MD5=c8fb56b60458b09c1caebd4daf1ac8bb	File Read	0	6/24/2019 9:07:21 AM	6/24/2019 9:07:21 AM	Explorer | [AC9-1.1] Autorun.inf	192.168.2.22	21800	C:\Windows\explorer.exe	USBSTOR\Disk&Ven_iODD&Prod__External_HDD&Rev_\______XX00000001&1	Z:\Autorun.inf	0 Bytes	Default	ali.geyik	GLSTR	Alert
4644	6/24/2019 9:09:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:08:06 AM	6/24/2019 9:08:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4645	6/24/2019 9:10:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:09:06 AM	6/24/2019 9:09:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4646	6/24/2019 9:16:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:10:06 AM	6/24/2019 9:15:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4647	6/24/2019 9:17:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:16:06 AM	6/24/2019 9:16:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4648	6/24/2019 9:18:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:17:06 AM	6/24/2019 9:17:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4649	6/24/2019 9:19:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:18:06 AM	6/24/2019 9:18:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4650	6/24/2019 9:20:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:19:06 AM	6/24/2019 9:19:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4651	6/24/2019 9:21:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:20:06 AM	6/24/2019 9:20:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4652	6/24/2019 9:22:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:21:06 AM	6/24/2019 9:21:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4653	6/24/2019 9:23:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:22:06 AM	6/24/2019 9:22:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	0.0.0.0	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4654	6/24/2019 9:24:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:23:06 AM	6/24/2019 9:23:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	0.0.0.0	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4655	6/24/2019 9:25:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:24:06 AM	6/24/2019 9:24:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4656	6/24/2019 9:26:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:25:06 AM	6/24/2019 9:25:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4657	6/24/2019 9:27:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:26:06 AM	6/24/2019 9:26:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4658	6/24/2019 9:28:03 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments=""C:\Windows\Installer\MSI861D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_261261406 2 ChipsetWiX.CustomAction!Intel.Deployment.ChipsetWiX.CustomActions.SetTargetPath"	Create Process	0	6/24/2019 9:27:02 AM	6/24/2019 9:27:02 AM	LockDown	192.168.2.22	18472	C:\Windows\System32\msiexec.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	ali.geyik	GLSTR	Alert
4659	6/24/2019 9:28:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:27:06 AM	6/24/2019 9:27:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4660	6/24/2019 9:29:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:28:06 AM	6/24/2019 9:28:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4661	6/24/2019 9:30:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:29:06 AM	6/24/2019 9:29:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4662	6/24/2019 9:31:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:30:06 AM	6/24/2019 9:30:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4663	6/24/2019 9:32:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:31:06 AM	6/24/2019 9:31:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4664	6/24/2019 9:33:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:32:06 AM	6/24/2019 9:32:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4665	6/24/2019 9:34:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:33:06 AM	6/24/2019 9:33:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4666	6/24/2019 9:35:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:34:06 AM	6/24/2019 9:34:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4667	6/24/2019 9:36:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:35:06 AM	6/24/2019 9:35:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4668	6/24/2019 9:37:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:36:06 AM	6/24/2019 9:36:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4669	6/24/2019 9:38:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:37:06 AM	6/24/2019 9:37:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4670	6/24/2019 9:39:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:38:06 AM	6/24/2019 9:38:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4671	6/24/2019 9:40:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:39:06 AM	6/24/2019 9:39:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4672	6/24/2019 9:40:42 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 9:39:29 AM	6/24/2019 9:39:39 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4673	6/24/2019 9:41:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:40:06 AM	6/24/2019 9:40:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4674	6/24/2019 9:42:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:41:06 AM	6/24/2019 9:41:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4675	6/24/2019 9:42:30 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 9:41:08 AM	6/24/2019 9:41:29 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4676	6/24/2019 9:43:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:42:06 AM	6/24/2019 9:42:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4677	6/24/2019 9:44:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:43:06 AM	6/24/2019 9:43:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4678	6/24/2019 9:45:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:44:06 AM	6/24/2019 9:44:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4679	6/24/2019 9:46:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:45:06 AM	6/24/2019 9:45:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4680	6/24/2019 9:47:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:46:06 AM	6/24/2019 9:46:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4681	6/24/2019 9:48:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:47:06 AM	6/24/2019 9:47:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4682	6/24/2019 9:48:44 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 9:47:38 AM	6/24/2019 9:47:40 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4683	6/24/2019 9:49:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:48:06 AM	6/24/2019 9:48:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4684	6/24/2019 9:50:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:49:06 AM	6/24/2019 9:49:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4685	6/24/2019 9:51:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:50:06 AM	6/24/2019 9:50:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4686	6/24/2019 9:52:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:51:06 AM	6/24/2019 9:51:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4687	6/24/2019 9:52:20 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 9:51:06 AM	6/24/2019 9:51:20 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4688	6/24/2019 9:53:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:52:06 AM	6/24/2019 9:52:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4689	6/24/2019 9:54:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:53:06 AM	6/24/2019 9:53:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4690	6/24/2019 9:55:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:54:06 AM	6/24/2019 9:54:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4691	6/24/2019 9:56:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:55:06 AM	6/24/2019 9:55:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4692	6/24/2019 9:57:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:56:06 AM	6/24/2019 9:56:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4693	6/24/2019 9:58:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:57:06 AM	6/24/2019 9:57:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4694	6/24/2019 9:59:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:58:06 AM	6/24/2019 9:58:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4695	6/24/2019 10:00:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 9:59:06 AM	6/24/2019 9:59:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4696	6/24/2019 10:01:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:00:06 AM	6/24/2019 10:00:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4697	6/24/2019 10:02:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:01:06 AM	6/24/2019 10:01:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4698	6/24/2019 10:03:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:02:06 AM	6/24/2019 10:02:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4699	6/24/2019 10:04:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:03:06 AM	6/24/2019 10:03:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4700	6/24/2019 10:05:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:04:06 AM	6/24/2019 10:04:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4701	6/24/2019 10:06:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:05:06 AM	6/24/2019 10:05:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4702	6/24/2019 10:07:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:06:06 AM	6/24/2019 10:06:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4703	6/24/2019 10:08:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:07:06 AM	6/24/2019 10:07:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4704	6/24/2019 10:09:06 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:08:06 AM	6/24/2019 10:08:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4705	6/24/2019 10:10:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:09:06 AM	6/24/2019 10:09:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4706	6/24/2019 10:11:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:10:06 AM	6/24/2019 10:10:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4707	6/24/2019 10:12:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:11:06 AM	6/24/2019 10:11:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4708	6/24/2019 10:13:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:12:06 AM	6/24/2019 10:12:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4709	6/24/2019 10:14:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:13:06 AM	6/24/2019 10:13:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4710	6/24/2019 10:15:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:14:06 AM	6/24/2019 10:14:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4711	6/24/2019 10:16:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:15:06 AM	6/24/2019 10:15:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4712	6/24/2019 10:17:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:16:06 AM	6/24/2019 10:16:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4713	6/24/2019 10:18:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:17:06 AM	6/24/2019 10:17:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4714	6/24/2019 10:19:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:18:06 AM	6/24/2019 10:18:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4715	6/24/2019 10:20:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:19:06 AM	6/24/2019 10:19:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4716	6/24/2019 10:21:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:20:06 AM	6/24/2019 10:20:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4717	6/24/2019 10:22:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:21:06 AM	6/24/2019 10:21:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4718	6/24/2019 10:23:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:22:06 AM	6/24/2019 10:22:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4719	6/24/2019 10:24:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:23:06 AM	6/24/2019 10:23:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4720	6/24/2019 10:25:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:24:06 AM	6/24/2019 10:24:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4721	6/24/2019 10:26:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:25:06 AM	6/24/2019 10:25:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4722	6/24/2019 10:27:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:26:06 AM	6/24/2019 10:26:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4723	6/24/2019 10:28:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:27:06 AM	6/24/2019 10:27:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4724	6/24/2019 10:29:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:28:06 AM	6/24/2019 10:28:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4725	6/24/2019 10:30:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:29:06 AM	6/24/2019 10:29:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4726	6/24/2019 10:31:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:30:06 AM	6/24/2019 10:30:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4727	6/24/2019 10:32:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:31:06 AM	6/24/2019 10:31:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4728	6/24/2019 10:33:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:32:06 AM	6/24/2019 10:32:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4729	6/24/2019 10:34:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:33:06 AM	6/24/2019 10:33:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4730	6/24/2019 10:35:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:34:06 AM	6/24/2019 10:34:06 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4731	6/24/2019 10:36:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:35:07 AM	6/24/2019 10:35:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4732	6/24/2019 10:37:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:36:07 AM	6/24/2019 10:36:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4733	6/24/2019 10:38:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:37:07 AM	6/24/2019 10:37:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4734	6/24/2019 10:39:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:38:07 AM	6/24/2019 10:38:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4735	6/24/2019 10:40:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:39:07 AM	6/24/2019 10:39:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4736	6/24/2019 10:41:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:40:07 AM	6/24/2019 10:40:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4737	6/24/2019 10:42:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:41:07 AM	6/24/2019 10:41:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4738	6/24/2019 10:43:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:42:07 AM	6/24/2019 10:42:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4739	6/24/2019 10:44:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:43:07 AM	6/24/2019 10:43:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4740	6/24/2019 10:45:07 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 10:44:01 AM	6/24/2019 10:44:02 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4741	6/24/2019 10:45:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:44:07 AM	6/24/2019 10:44:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4742	6/24/2019 10:46:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:45:07 AM	6/24/2019 10:45:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4743	6/24/2019 10:47:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:46:07 AM	6/24/2019 10:46:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4744	6/24/2019 10:48:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:47:07 AM	6/24/2019 10:47:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4745	6/24/2019 10:49:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:48:07 AM	6/24/2019 10:48:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4746	6/24/2019 10:50:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:49:07 AM	6/24/2019 10:49:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4747	6/24/2019 10:51:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:50:07 AM	6/24/2019 10:50:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4748	6/24/2019 10:52:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:51:07 AM	6/24/2019 10:51:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4749	6/24/2019 10:53:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:52:07 AM	6/24/2019 10:52:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4750	6/24/2019 10:54:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:53:07 AM	6/24/2019 10:53:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4751	6/24/2019 10:55:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:54:07 AM	6/24/2019 10:54:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4752	6/24/2019 10:56:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:55:07 AM	6/24/2019 10:55:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4753	6/24/2019 10:57:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:56:07 AM	6/24/2019 10:56:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4754	6/24/2019 10:58:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:57:07 AM	6/24/2019 10:57:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4755	6/24/2019 10:59:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:58:07 AM	6/24/2019 10:58:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4756	6/24/2019 11:00:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 10:59:07 AM	6/24/2019 10:59:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4757	6/24/2019 11:01:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:00:07 AM	6/24/2019 11:00:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4758	6/24/2019 11:02:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:01:07 AM	6/24/2019 11:01:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4759	6/24/2019 11:03:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:02:07 AM	6/24/2019 11:02:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4760	6/24/2019 11:04:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:03:07 AM	6/24/2019 11:03:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4761	6/24/2019 11:05:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:04:07 AM	6/24/2019 11:04:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4762	6/24/2019 11:06:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:05:07 AM	6/24/2019 11:05:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4763	6/24/2019 11:07:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:06:07 AM	6/24/2019 11:06:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4764	6/24/2019 11:08:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:07:07 AM	6/24/2019 11:07:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4765	6/24/2019 11:09:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:08:07 AM	6/24/2019 11:08:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4766	6/24/2019 11:10:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:09:07 AM	6/24/2019 11:09:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4767	6/24/2019 11:11:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:10:07 AM	6/24/2019 11:10:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4768	6/24/2019 11:11:59 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 11:10:40 AM	6/24/2019 11:10:56 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4769	6/24/2019 11:12:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:11:07 AM	6/24/2019 11:11:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4770	6/24/2019 11:13:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:12:07 AM	6/24/2019 11:12:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4771	6/24/2019 11:14:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:13:07 AM	6/24/2019 11:13:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4772	6/24/2019 11:15:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:14:07 AM	6/24/2019 11:14:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4773	6/24/2019 11:16:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:15:07 AM	6/24/2019 11:15:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4774	6/24/2019 11:17:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:16:07 AM	6/24/2019 11:16:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4775	6/24/2019 11:18:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:17:07 AM	6/24/2019 11:17:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4776	6/24/2019 11:19:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:18:07 AM	6/24/2019 11:18:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4777	6/24/2019 11:20:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:19:07 AM	6/24/2019 11:19:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4778	6/24/2019 11:21:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:20:07 AM	6/24/2019 11:20:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4779	6/24/2019 11:22:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:21:07 AM	6/24/2019 11:21:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4780	6/24/2019 11:23:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:22:07 AM	6/24/2019 11:22:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4781	6/24/2019 11:24:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:23:07 AM	6/24/2019 11:23:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4782	6/24/2019 11:25:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:24:07 AM	6/24/2019 11:24:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4783	6/24/2019 11:26:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:25:07 AM	6/24/2019 11:25:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4784	6/24/2019 11:27:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:26:07 AM	6/24/2019 11:26:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4785	6/24/2019 11:28:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:27:07 AM	6/24/2019 11:27:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4786	6/24/2019 11:29:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:28:07 AM	6/24/2019 11:28:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4787	6/24/2019 11:30:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:29:07 AM	6/24/2019 11:29:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4788	6/24/2019 11:31:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:30:07 AM	6/24/2019 11:30:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4789	6/24/2019 11:32:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:31:07 AM	6/24/2019 11:31:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4790	6/24/2019 11:33:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:32:07 AM	6/24/2019 11:32:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4791	6/24/2019 11:34:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:33:07 AM	6/24/2019 11:33:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4792	6/24/2019 11:35:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:34:07 AM	6/24/2019 11:34:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4793	6/24/2019 11:36:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:35:07 AM	6/24/2019 11:35:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4794	6/24/2019 11:37:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:36:07 AM	6/24/2019 11:36:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4795	6/24/2019 11:38:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:37:07 AM	6/24/2019 11:37:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4796	6/24/2019 11:39:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:38:07 AM	6/24/2019 11:38:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4797	6/24/2019 11:40:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:39:07 AM	6/24/2019 11:39:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4798	6/24/2019 11:41:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:40:07 AM	6/24/2019 11:40:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4799	6/24/2019 11:42:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:41:07 AM	6/24/2019 11:41:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4800	6/24/2019 11:43:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:42:07 AM	6/24/2019 11:42:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4801	6/24/2019 11:44:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:43:07 AM	6/24/2019 11:43:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4802	6/24/2019 11:45:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:44:07 AM	6/24/2019 11:44:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4803	6/24/2019 11:45:42 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 11:44:00 AM	6/24/2019 11:44:37 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4804	6/24/2019 11:46:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:45:07 AM	6/24/2019 11:45:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4805	6/24/2019 11:47:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:46:07 AM	6/24/2019 11:46:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4806	6/24/2019 11:48:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:47:07 AM	6/24/2019 11:47:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4807	6/24/2019 11:48:16 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 11:46:51 AM	6/24/2019 11:47:14 AM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4808	6/24/2019 11:49:07 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:48:07 AM	6/24/2019 11:48:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4809	6/24/2019 11:50:09 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:49:07 AM	6/24/2019 11:49:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4810	6/24/2019 11:51:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:50:07 AM	6/24/2019 11:50:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4811	6/24/2019 11:52:12 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:51:07 AM	6/24/2019 11:51:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4812	6/24/2019 11:53:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:52:07 AM	6/24/2019 11:52:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4813	6/24/2019 11:54:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:53:07 AM	6/24/2019 11:53:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4814	6/24/2019 11:55:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:54:07 AM	6/24/2019 11:54:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4815	6/24/2019 11:56:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:55:07 AM	6/24/2019 11:55:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4816	6/24/2019 11:57:10 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:56:07 AM	6/24/2019 11:56:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4817	6/24/2019 11:58:01 AM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/24/2019 11:57:01 AM	6/24/2019 11:57:01 AM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4818	6/24/2019 11:58:11 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:57:07 AM	6/24/2019 11:57:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4819	6/24/2019 11:59:08 AM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:58:07 AM	6/24/2019 11:58:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4820	6/24/2019 12:00:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 11:59:07 AM	6/24/2019 11:59:07 AM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4821	6/24/2019 12:01:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:00:07 PM	6/24/2019 12:00:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4822	6/24/2019 12:02:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:01:07 PM	6/24/2019 12:01:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4823	6/24/2019 12:03:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:02:07 PM	6/24/2019 12:02:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4824	6/24/2019 12:04:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:03:07 PM	6/24/2019 12:03:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4825	6/24/2019 12:05:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:04:07 PM	6/24/2019 12:04:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4826	6/24/2019 12:06:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:05:07 PM	6/24/2019 12:05:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4827	6/24/2019 12:07:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:06:07 PM	6/24/2019 12:06:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4828	6/24/2019 12:08:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:07:07 PM	6/24/2019 12:07:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4829	6/24/2019 12:09:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:08:07 PM	6/24/2019 12:08:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4830	6/24/2019 12:10:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:09:07 PM	6/24/2019 12:09:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4831	6/24/2019 12:11:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:10:07 PM	6/24/2019 12:10:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4832	6/24/2019 12:12:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:11:07 PM	6/24/2019 12:11:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4833	6/24/2019 12:13:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:12:07 PM	6/24/2019 12:12:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4834	6/24/2019 12:14:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:13:07 PM	6/24/2019 12:13:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4835	6/24/2019 12:15:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:14:07 PM	6/24/2019 12:14:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4836	6/24/2019 12:16:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:15:07 PM	6/24/2019 12:15:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4837	6/24/2019 12:17:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:16:07 PM	6/24/2019 12:16:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4838	6/24/2019 12:18:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:17:07 PM	6/24/2019 12:17:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4839	6/24/2019 12:19:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:18:07 PM	6/24/2019 12:18:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4840	6/24/2019 12:20:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:19:07 PM	6/24/2019 12:19:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4841	6/24/2019 12:21:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:20:07 PM	6/24/2019 12:20:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4842	6/24/2019 12:22:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:21:07 PM	6/24/2019 12:21:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4843	6/24/2019 12:23:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:22:07 PM	6/24/2019 12:22:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4844	6/24/2019 12:24:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:23:07 PM	6/24/2019 12:23:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4845	6/24/2019 12:25:09 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 12:24:02 PM	6/24/2019 12:24:04 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4846	6/24/2019 12:25:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:24:07 PM	6/24/2019 12:24:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4847	6/24/2019 12:26:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:25:07 PM	6/24/2019 12:25:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4848	6/24/2019 12:27:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:26:07 PM	6/24/2019 12:26:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4849	6/24/2019 12:28:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:27:07 PM	6/24/2019 12:27:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4850	6/24/2019 12:29:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:28:07 PM	6/24/2019 12:28:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4851	6/24/2019 12:30:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:29:07 PM	6/24/2019 12:29:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4852	6/24/2019 12:31:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:30:07 PM	6/24/2019 12:30:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4853	6/24/2019 12:32:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:31:07 PM	6/24/2019 12:31:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4854	6/24/2019 12:33:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:32:07 PM	6/24/2019 12:32:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4855	6/24/2019 12:34:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:33:07 PM	6/24/2019 12:33:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4856	6/24/2019 12:35:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:34:07 PM	6/24/2019 12:34:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4857	6/24/2019 12:36:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:35:07 PM	6/24/2019 12:35:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4858	6/24/2019 12:37:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:36:07 PM	6/24/2019 12:36:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4859	6/24/2019 12:38:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:37:07 PM	6/24/2019 12:37:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4860	6/24/2019 12:39:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:38:07 PM	6/24/2019 12:38:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4861	6/24/2019 12:40:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:39:07 PM	6/24/2019 12:39:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4862	6/24/2019 12:41:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:40:07 PM	6/24/2019 12:40:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4863	6/24/2019 12:42:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:41:07 PM	6/24/2019 12:41:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4864	6/24/2019 12:43:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:42:07 PM	6/24/2019 12:42:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4865	6/24/2019 12:44:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:43:07 PM	6/24/2019 12:43:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4866	6/24/2019 12:45:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:44:07 PM	6/24/2019 12:44:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4867	6/24/2019 12:46:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:45:07 PM	6/24/2019 12:45:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4868	6/24/2019 12:47:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:46:07 PM	6/24/2019 12:46:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4869	6/24/2019 12:48:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:47:07 PM	6/24/2019 12:47:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4870	6/24/2019 12:49:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:48:07 PM	6/24/2019 12:48:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4871	6/24/2019 12:50:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:49:07 PM	6/24/2019 12:49:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4872	6/24/2019 12:51:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:50:07 PM	6/24/2019 12:50:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4873	6/24/2019 12:52:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:51:07 PM	6/24/2019 12:51:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4874	6/24/2019 12:53:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:52:07 PM	6/24/2019 12:52:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4875	6/24/2019 12:54:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:53:07 PM	6/24/2019 12:53:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4876	6/24/2019 12:54:25 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/24/2019 12:53:20 PM	6/24/2019 12:53:20 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4877	6/24/2019 12:55:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:54:07 PM	6/24/2019 12:54:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4878	6/24/2019 12:56:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:55:07 PM	6/24/2019 12:55:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4879	6/24/2019 12:57:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:56:07 PM	6/24/2019 12:56:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4880	6/24/2019 12:58:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:57:07 PM	6/24/2019 12:57:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4881	6/24/2019 12:59:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:58:07 PM	6/24/2019 12:58:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4882	6/24/2019 1:00:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 12:59:07 PM	6/24/2019 12:59:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4883	6/24/2019 1:01:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:00:07 PM	6/24/2019 1:00:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4884	6/24/2019 1:02:07 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:01:07 PM	6/24/2019 1:01:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4885	6/24/2019 1:03:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:02:07 PM	6/24/2019 1:02:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4886	6/24/2019 1:04:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:03:07 PM	6/24/2019 1:03:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4887	6/24/2019 1:05:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:04:07 PM	6/24/2019 1:04:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4888	6/24/2019 1:06:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:05:07 PM	6/24/2019 1:05:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4889	6/24/2019 1:07:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:06:07 PM	6/24/2019 1:06:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4890	6/24/2019 1:08:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:07:07 PM	6/24/2019 1:07:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4891	6/24/2019 1:08:58 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 1:07:56 PM	6/24/2019 1:07:57 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4892	6/24/2019 1:09:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:08:07 PM	6/24/2019 1:08:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4893	6/24/2019 1:10:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:09:07 PM	6/24/2019 1:09:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4894	6/24/2019 1:11:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:10:07 PM	6/24/2019 1:10:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4895	6/24/2019 1:12:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:11:07 PM	6/24/2019 1:11:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4896	6/24/2019 1:13:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:12:07 PM	6/24/2019 1:12:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4897	6/24/2019 1:14:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:13:07 PM	6/24/2019 1:13:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4898	6/24/2019 1:15:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:14:07 PM	6/24/2019 1:14:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4899	6/24/2019 1:16:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:15:07 PM	6/24/2019 1:15:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4900	6/24/2019 1:17:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:16:07 PM	6/24/2019 1:16:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4901	6/24/2019 1:18:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:17:07 PM	6/24/2019 1:17:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4902	6/24/2019 1:19:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:18:07 PM	6/24/2019 1:18:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4903	6/24/2019 1:19:35 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 1:18:31 PM	6/24/2019 1:18:33 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4904	6/24/2019 1:20:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:19:07 PM	6/24/2019 1:19:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4905	6/24/2019 1:21:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:20:07 PM	6/24/2019 1:20:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4906	6/24/2019 1:22:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:21:07 PM	6/24/2019 1:21:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4907	6/24/2019 1:23:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:22:07 PM	6/24/2019 1:22:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4908	6/24/2019 1:24:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:23:07 PM	6/24/2019 1:23:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4909	6/24/2019 1:25:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:24:07 PM	6/24/2019 1:24:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4910	6/24/2019 1:26:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:25:07 PM	6/24/2019 1:25:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4911	6/24/2019 1:27:02 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="Windows.Storage.ApplicationData.dll,CleanupTemporaryState"	Create Process	0	6/24/2019 1:25:58 PM	6/24/2019 1:25:58 PM	LockDown	192.168.2.22	1944	c:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4912	6/24/2019 1:27:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:26:07 PM	6/24/2019 1:26:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4913	6/24/2019 1:28:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:27:07 PM	6/24/2019 1:27:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4914	6/24/2019 1:29:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:28:07 PM	6/24/2019 1:28:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4915	6/24/2019 1:30:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:29:07 PM	6/24/2019 1:29:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4916	6/24/2019 1:31:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:30:07 PM	6/24/2019 1:30:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4917	6/24/2019 1:32:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:31:07 PM	6/24/2019 1:31:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4918	6/24/2019 1:33:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:32:07 PM	6/24/2019 1:32:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4919	6/24/2019 1:34:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:33:07 PM	6/24/2019 1:33:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4920	6/24/2019 1:35:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:34:07 PM	6/24/2019 1:34:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4921	6/24/2019 1:36:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:35:07 PM	6/24/2019 1:35:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4922	6/24/2019 1:37:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:36:07 PM	6/24/2019 1:36:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4923	6/24/2019 1:38:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:37:07 PM	6/24/2019 1:37:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4924	6/24/2019 1:39:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:38:07 PM	6/24/2019 1:38:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4925	6/24/2019 1:40:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:39:07 PM	6/24/2019 1:39:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4926	6/24/2019 1:41:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:40:07 PM	6/24/2019 1:40:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4927	6/24/2019 1:42:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:41:07 PM	6/24/2019 1:41:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4928	6/24/2019 1:43:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:42:07 PM	6/24/2019 1:42:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4929	6/24/2019 1:44:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:43:07 PM	6/24/2019 1:43:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4930	6/24/2019 1:45:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:44:07 PM	6/24/2019 1:44:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4931	6/24/2019 1:46:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:45:07 PM	6/24/2019 1:45:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4932	6/24/2019 1:47:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:46:07 PM	6/24/2019 1:46:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4933	6/24/2019 1:48:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:47:07 PM	6/24/2019 1:47:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4934	6/24/2019 1:49:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:48:07 PM	6/24/2019 1:48:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4935	6/24/2019 1:50:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:49:07 PM	6/24/2019 1:49:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4936	6/24/2019 1:51:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:50:07 PM	6/24/2019 1:50:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4937	6/24/2019 1:52:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:51:07 PM	6/24/2019 1:51:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4938	6/24/2019 1:53:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:52:07 PM	6/24/2019 1:52:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4939	6/24/2019 1:54:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:53:07 PM	6/24/2019 1:53:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4940	6/24/2019 1:55:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:54:07 PM	6/24/2019 1:54:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4941	6/24/2019 1:56:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:55:07 PM	6/24/2019 1:55:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4942	6/24/2019 1:57:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:56:07 PM	6/24/2019 1:56:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4943	6/24/2019 1:58:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:57:07 PM	6/24/2019 1:57:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4944	6/24/2019 1:59:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:58:07 PM	6/24/2019 1:58:07 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4945	6/24/2019 2:00:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 1:59:08 PM	6/24/2019 1:59:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4946	6/24/2019 2:01:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:00:08 PM	6/24/2019 2:00:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4947	6/24/2019 2:02:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:01:08 PM	6/24/2019 2:01:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4948	6/24/2019 2:03:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:02:08 PM	6/24/2019 2:02:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4949	6/24/2019 2:04:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:03:08 PM	6/24/2019 2:03:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4950	6/24/2019 2:05:08 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:04:03 PM	6/24/2019 2:04:05 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4951	6/24/2019 2:05:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:04:08 PM	6/24/2019 2:04:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4952	6/24/2019 2:06:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:05:08 PM	6/24/2019 2:05:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4953	6/24/2019 2:07:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:06:08 PM	6/24/2019 2:06:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4954	6/24/2019 2:08:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:07:08 PM	6/24/2019 2:07:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4955	6/24/2019 2:09:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:08:08 PM	6/24/2019 2:08:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	0.0.0.0	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4956	6/24/2019 2:09:45 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:08:22 PM	6/24/2019 2:08:44 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4957	6/24/2019 2:10:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:09:08 PM	6/24/2019 2:09:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4958	6/24/2019 2:11:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:10:08 PM	6/24/2019 2:10:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4959	6/24/2019 2:12:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:11:08 PM	6/24/2019 2:11:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4960	6/24/2019 2:13:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:12:08 PM	6/24/2019 2:12:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4961	6/24/2019 2:14:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:13:08 PM	6/24/2019 2:13:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4962	6/24/2019 2:15:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:14:08 PM	6/24/2019 2:14:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4963	6/24/2019 2:16:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:15:08 PM	6/24/2019 2:15:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4964	6/24/2019 2:17:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:16:08 PM	6/24/2019 2:16:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4965	6/24/2019 2:18:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:17:08 PM	6/24/2019 2:17:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4966	6/24/2019 2:19:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:18:08 PM	6/24/2019 2:18:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4967	6/24/2019 2:20:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:19:08 PM	6/24/2019 2:19:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4968	6/24/2019 2:21:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:20:08 PM	6/24/2019 2:20:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4969	6/24/2019 2:21:44 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:19:02 PM	6/24/2019 2:20:43 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4970	6/24/2019 2:22:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:21:08 PM	6/24/2019 2:21:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4971	6/24/2019 2:23:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:22:08 PM	6/24/2019 2:22:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4972	6/24/2019 2:24:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:23:08 PM	6/24/2019 2:23:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4973	6/24/2019 2:25:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:24:08 PM	6/24/2019 2:24:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4974	6/24/2019 2:26:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:25:08 PM	6/24/2019 2:25:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4975	6/24/2019 2:27:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:26:08 PM	6/24/2019 2:26:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4976	6/24/2019 2:28:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:27:08 PM	6/24/2019 2:27:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4977	6/24/2019 2:29:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:28:08 PM	6/24/2019 2:28:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4978	6/24/2019 2:30:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:29:08 PM	6/24/2019 2:29:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4979	6/24/2019 2:31:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:30:08 PM	6/24/2019 2:30:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4980	6/24/2019 2:32:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:31:08 PM	6/24/2019 2:31:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4981	6/24/2019 2:33:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:32:08 PM	6/24/2019 2:32:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4982	6/24/2019 2:34:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:33:08 PM	6/24/2019 2:33:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4983	6/24/2019 2:35:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:34:08 PM	6/24/2019 2:34:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4984	6/24/2019 2:36:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:35:08 PM	6/24/2019 2:35:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4985	6/24/2019 2:37:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:36:08 PM	6/24/2019 2:36:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4986	6/24/2019 2:38:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:37:08 PM	6/24/2019 2:37:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4987	6/24/2019 2:39:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:38:08 PM	6/24/2019 2:38:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4988	6/24/2019 2:40:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:39:08 PM	6/24/2019 2:39:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4989	6/24/2019 2:41:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:40:08 PM	6/24/2019 2:40:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4990	6/24/2019 2:42:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:41:08 PM	6/24/2019 2:41:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4991	6/24/2019 2:43:13 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:41:34 PM	6/24/2019 2:42:12 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4992	6/24/2019 2:43:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:42:08 PM	6/24/2019 2:42:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4993	6/24/2019 2:44:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:43:08 PM	6/24/2019 2:43:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4994	6/24/2019 2:44:30 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:43:28 PM	6/24/2019 2:43:30 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4995	6/24/2019 2:45:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:44:08 PM	6/24/2019 2:44:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4996	6/24/2019 2:46:07 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:45:04 PM	6/24/2019 2:45:05 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
4997	6/24/2019 2:46:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:45:08 PM	6/24/2019 2:45:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4998	6/24/2019 2:47:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:46:08 PM	6/24/2019 2:46:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
4999	6/24/2019 2:47:45 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:46:24 PM	6/24/2019 2:46:44 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5000	6/24/2019 2:48:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:47:08 PM	6/24/2019 2:47:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5001	6/24/2019 2:49:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:48:08 PM	6/24/2019 2:48:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5002	6/24/2019 2:50:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:49:08 PM	6/24/2019 2:49:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5003	6/24/2019 2:51:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:50:08 PM	6/24/2019 2:50:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5004	6/24/2019 2:51:26 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:47:58 PM	6/24/2019 2:50:24 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5005	6/24/2019 2:52:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:51:08 PM	6/24/2019 2:51:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5006	6/24/2019 2:52:32 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 2:51:28 PM	6/24/2019 2:51:29 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5007	6/24/2019 2:53:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:52:08 PM	6/24/2019 2:52:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5008	6/24/2019 2:54:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:53:08 PM	6/24/2019 2:53:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5009	6/24/2019 2:55:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:54:08 PM	6/24/2019 2:54:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5010	6/24/2019 2:56:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:55:08 PM	6/24/2019 2:55:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5011	6/24/2019 2:57:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:56:08 PM	6/24/2019 2:56:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5012	6/24/2019 2:58:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:57:08 PM	6/24/2019 2:57:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5013	6/24/2019 2:59:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:58:08 PM	6/24/2019 2:58:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5014	6/24/2019 3:00:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 2:59:08 PM	6/24/2019 2:59:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5015	6/24/2019 3:01:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:00:08 PM	6/24/2019 3:00:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5016	6/24/2019 3:02:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:01:08 PM	6/24/2019 3:01:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5017	6/24/2019 3:02:18 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:01:01 PM	6/24/2019 3:01:14 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5018	6/24/2019 3:03:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:02:08 PM	6/24/2019 3:02:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5019	6/24/2019 3:04:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:03:08 PM	6/24/2019 3:03:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5020	6/24/2019 3:04:21 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:03:15 PM	6/24/2019 3:03:16 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5021	6/24/2019 3:05:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:04:08 PM	6/24/2019 3:04:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5022	6/24/2019 3:06:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:05:08 PM	6/24/2019 3:05:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5023	6/24/2019 3:07:10 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:04:44 PM	6/24/2019 3:06:09 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5024	6/24/2019 3:07:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:06:08 PM	6/24/2019 3:06:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5025	6/24/2019 3:08:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:07:08 PM	6/24/2019 3:07:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5026	6/24/2019 3:09:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:08:08 PM	6/24/2019 3:08:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5027	6/24/2019 3:10:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:09:08 PM	6/24/2019 3:09:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5028	6/24/2019 3:11:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:10:08 PM	6/24/2019 3:10:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5029	6/24/2019 3:12:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:11:08 PM	6/24/2019 3:11:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5030	6/24/2019 3:13:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:12:08 PM	6/24/2019 3:12:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5031	6/24/2019 3:14:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:13:08 PM	6/24/2019 3:13:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5032	6/24/2019 3:15:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:14:08 PM	6/24/2019 3:14:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5033	6/24/2019 3:16:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:15:08 PM	6/24/2019 3:15:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5034	6/24/2019 3:17:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:16:08 PM	6/24/2019 3:16:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5035	6/24/2019 3:17:52 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:12:05 PM	6/24/2019 3:16:51 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5036	6/24/2019 3:18:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:17:08 PM	6/24/2019 3:17:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5037	6/24/2019 3:19:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:18:08 PM	6/24/2019 3:18:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5038	6/24/2019 3:20:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:19:08 PM	6/24/2019 3:19:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5039	6/24/2019 3:21:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:20:08 PM	6/24/2019 3:20:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5040	6/24/2019 3:22:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:21:08 PM	6/24/2019 3:21:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5041	6/24/2019 3:23:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:22:08 PM	6/24/2019 3:22:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5042	6/24/2019 3:24:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:23:08 PM	6/24/2019 3:23:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5043	6/24/2019 3:24:58 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:20:36 PM	6/24/2019 3:23:55 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5044	6/24/2019 3:25:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:24:08 PM	6/24/2019 3:24:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5045	6/24/2019 3:26:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:25:08 PM	6/24/2019 3:25:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5046	6/24/2019 3:27:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:26:08 PM	6/24/2019 3:26:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5047	6/24/2019 3:28:03 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:25:08 PM	6/24/2019 3:26:59 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5048	6/24/2019 3:28:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:27:08 PM	6/24/2019 3:27:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5049	6/24/2019 3:29:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:28:08 PM	6/24/2019 3:28:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5050	6/24/2019 3:30:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:29:08 PM	6/24/2019 3:29:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5051	6/24/2019 3:31:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:30:08 PM	6/24/2019 3:30:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5052	6/24/2019 3:32:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:31:08 PM	6/24/2019 3:31:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5053	6/24/2019 3:33:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:32:08 PM	6/24/2019 3:32:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5054	6/24/2019 3:34:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:33:08 PM	6/24/2019 3:33:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5055	6/24/2019 3:34:53 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:28:06 PM	6/24/2019 3:33:49 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5056	6/24/2019 3:35:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:34:08 PM	6/24/2019 3:34:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5057	6/24/2019 3:36:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:35:08 PM	6/24/2019 3:35:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5058	6/24/2019 3:36:31 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:35:25 PM	6/24/2019 3:35:26 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5059	6/24/2019 3:37:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:36:08 PM	6/24/2019 3:36:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5060	6/24/2019 3:37:53 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:36:37 PM	6/24/2019 3:36:52 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5061	6/24/2019 3:38:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:37:08 PM	6/24/2019 3:37:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5062	6/24/2019 3:39:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:38:08 PM	6/24/2019 3:38:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5063	6/24/2019 3:39:41 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:37:59 PM	6/24/2019 3:38:38 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5064	6/24/2019 3:40:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:39:08 PM	6/24/2019 3:39:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5065	6/24/2019 3:41:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:40:08 PM	6/24/2019 3:40:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5066	6/24/2019 3:42:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:41:08 PM	6/24/2019 3:41:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5067	6/24/2019 3:43:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:42:08 PM	6/24/2019 3:42:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5068	6/24/2019 3:44:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:43:08 PM	6/24/2019 3:43:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5069	6/24/2019 3:45:09 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:44:03 PM	6/24/2019 3:44:04 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5070	6/24/2019 3:45:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:44:08 PM	6/24/2019 3:44:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5071	6/24/2019 3:46:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:45:08 PM	6/24/2019 3:45:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5072	6/24/2019 3:47:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:46:08 PM	6/24/2019 3:46:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5073	6/24/2019 3:48:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:47:08 PM	6/24/2019 3:47:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5074	6/24/2019 3:49:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:48:08 PM	6/24/2019 3:48:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5075	6/24/2019 3:50:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:49:08 PM	6/24/2019 3:49:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5076	6/24/2019 3:51:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:50:08 PM	6/24/2019 3:50:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5077	6/24/2019 3:51:19 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 3:49:01 PM	6/24/2019 3:50:15 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5078	6/24/2019 3:52:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:51:08 PM	6/24/2019 3:51:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5079	6/24/2019 3:53:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:52:08 PM	6/24/2019 3:52:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5080	6/24/2019 3:54:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:53:08 PM	6/24/2019 3:53:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5081	6/24/2019 3:55:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:54:08 PM	6/24/2019 3:54:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5082	6/24/2019 3:56:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:55:08 PM	6/24/2019 3:55:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5083	6/24/2019 3:57:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:56:08 PM	6/24/2019 3:56:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5084	6/24/2019 3:58:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:57:08 PM	6/24/2019 3:57:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5085	6/24/2019 3:59:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:58:08 PM	6/24/2019 3:58:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5086	6/24/2019 4:00:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 3:59:08 PM	6/24/2019 3:59:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5087	6/24/2019 4:01:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:00:08 PM	6/24/2019 4:00:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5088	6/24/2019 4:02:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:01:08 PM	6/24/2019 4:01:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5089	6/24/2019 4:03:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:02:08 PM	6/24/2019 4:02:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5090	6/24/2019 4:04:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:03:08 PM	6/24/2019 4:03:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5091	6/24/2019 4:05:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:04:08 PM	6/24/2019 4:04:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5092	6/24/2019 4:06:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:05:08 PM	6/24/2019 4:05:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5093	6/24/2019 4:07:08 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:06:08 PM	6/24/2019 4:06:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5094	6/24/2019 4:08:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:07:08 PM	6/24/2019 4:07:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5095	6/24/2019 4:09:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:08:08 PM	6/24/2019 4:08:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5096	6/24/2019 4:10:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:09:08 PM	6/24/2019 4:09:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5097	6/24/2019 4:11:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:10:08 PM	6/24/2019 4:10:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5098	6/24/2019 4:11:15 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 4:10:08 PM	6/24/2019 4:10:10 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5099	6/24/2019 4:12:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:11:08 PM	6/24/2019 4:11:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5100	6/24/2019 4:13:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:12:08 PM	6/24/2019 4:12:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5101	6/24/2019 4:14:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:13:08 PM	6/24/2019 4:13:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5102	6/24/2019 4:15:01 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 4:11:19 PM	6/24/2019 4:13:58 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5103	6/24/2019 4:15:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:14:08 PM	6/24/2019 4:14:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5104	6/24/2019 4:16:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:15:08 PM	6/24/2019 4:15:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5105	6/24/2019 4:17:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:16:08 PM	6/24/2019 4:16:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5106	6/24/2019 4:18:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:17:08 PM	6/24/2019 4:17:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5107	6/24/2019 4:19:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:18:08 PM	6/24/2019 4:18:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5108	6/24/2019 4:20:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:19:08 PM	6/24/2019 4:19:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5109	6/24/2019 4:21:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:20:08 PM	6/24/2019 4:20:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5110	6/24/2019 4:22:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:21:08 PM	6/24/2019 4:21:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5111	6/24/2019 4:23:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:22:08 PM	6/24/2019 4:22:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5112	6/24/2019 4:24:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:23:08 PM	6/24/2019 4:23:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5113	6/24/2019 4:25:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:24:08 PM	6/24/2019 4:24:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5114	6/24/2019 4:26:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:25:08 PM	6/24/2019 4:25:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5115	6/24/2019 4:27:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:26:08 PM	6/24/2019 4:26:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5116	6/24/2019 4:28:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:27:08 PM	6/24/2019 4:27:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5117	6/24/2019 4:29:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:28:08 PM	6/24/2019 4:28:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5118	6/24/2019 4:30:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:29:08 PM	6/24/2019 4:29:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5119	6/24/2019 4:31:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:30:08 PM	6/24/2019 4:30:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5120	6/24/2019 4:32:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:31:08 PM	6/24/2019 4:31:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5121	6/24/2019 4:33:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:32:08 PM	6/24/2019 4:32:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5122	6/24/2019 4:34:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:33:08 PM	6/24/2019 4:33:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5123	6/24/2019 4:35:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:34:08 PM	6/24/2019 4:34:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5124	6/24/2019 4:36:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:35:08 PM	6/24/2019 4:35:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5125	6/24/2019 4:37:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:36:08 PM	6/24/2019 4:36:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5126	6/24/2019 4:38:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:37:08 PM	6/24/2019 4:37:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5127	6/24/2019 4:39:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:38:08 PM	6/24/2019 4:38:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5128	6/24/2019 4:40:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:39:08 PM	6/24/2019 4:39:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5129	6/24/2019 4:41:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:40:08 PM	6/24/2019 4:40:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5130	6/24/2019 4:42:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:41:08 PM	6/24/2019 4:41:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5131	6/24/2019 4:43:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:42:08 PM	6/24/2019 4:42:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5132	6/24/2019 4:44:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:43:08 PM	6/24/2019 4:43:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5133	6/24/2019 4:45:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:44:08 PM	6/24/2019 4:44:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5134	6/24/2019 4:46:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:45:08 PM	6/24/2019 4:45:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5135	6/24/2019 4:47:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:46:08 PM	6/24/2019 4:46:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5136	6/24/2019 4:48:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:47:08 PM	6/24/2019 4:47:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5137	6/24/2019 4:49:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:48:08 PM	6/24/2019 4:48:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5138	6/24/2019 4:50:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:49:08 PM	6/24/2019 4:49:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5139	6/24/2019 4:51:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:50:08 PM	6/24/2019 4:50:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5140	6/24/2019 4:52:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:51:08 PM	6/24/2019 4:51:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5141	6/24/2019 4:53:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:52:08 PM	6/24/2019 4:52:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5142	6/24/2019 4:54:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:53:08 PM	6/24/2019 4:53:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5143	6/24/2019 4:55:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:54:08 PM	6/24/2019 4:54:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5144	6/24/2019 4:56:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:55:08 PM	6/24/2019 4:55:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5145	6/24/2019 4:57:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:56:08 PM	6/24/2019 4:56:08 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5146	6/24/2019 4:58:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:57:09 PM	6/24/2019 4:57:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5147	6/24/2019 4:59:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:58:09 PM	6/24/2019 4:58:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5148	6/24/2019 5:00:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 4:59:09 PM	6/24/2019 4:59:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5149	6/24/2019 5:01:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:00:09 PM	6/24/2019 5:00:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5150	6/24/2019 5:02:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:01:09 PM	6/24/2019 5:01:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5151	6/24/2019 5:03:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:02:09 PM	6/24/2019 5:02:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5152	6/24/2019 5:04:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:03:09 PM	6/24/2019 5:03:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5153	6/24/2019 5:05:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:04:09 PM	6/24/2019 5:04:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5154	6/24/2019 5:06:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:05:09 PM	6/24/2019 5:05:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5155	6/24/2019 5:07:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:06:09 PM	6/24/2019 5:06:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5156	6/24/2019 5:08:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:07:09 PM	6/24/2019 5:07:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5157	6/24/2019 5:09:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:08:09 PM	6/24/2019 5:08:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5158	6/24/2019 5:10:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:09:09 PM	6/24/2019 5:09:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5159	6/24/2019 5:11:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:10:09 PM	6/24/2019 5:10:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5160	6/24/2019 5:12:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:11:09 PM	6/24/2019 5:11:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5161	6/24/2019 5:13:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:12:09 PM	6/24/2019 5:12:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5162	6/24/2019 5:14:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:13:09 PM	6/24/2019 5:13:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5163	6/24/2019 5:15:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:14:09 PM	6/24/2019 5:14:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5164	6/24/2019 5:16:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:15:09 PM	6/24/2019 5:15:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5165	6/24/2019 5:17:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:16:09 PM	6/24/2019 5:16:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5166	6/24/2019 5:18:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:17:09 PM	6/24/2019 5:17:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5167	6/24/2019 5:19:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:18:09 PM	6/24/2019 5:18:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5168	6/24/2019 5:20:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:19:09 PM	6/24/2019 5:19:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5169	6/24/2019 5:21:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:20:09 PM	6/24/2019 5:20:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5170	6/24/2019 5:22:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:21:09 PM	6/24/2019 5:21:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5171	6/24/2019 5:23:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:22:09 PM	6/24/2019 5:22:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5172	6/24/2019 5:24:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:23:09 PM	6/24/2019 5:23:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5173	6/24/2019 5:25:08 PM	User Event	1	Block	Production	System Lockdown - Target MD5=73c519f050c20580f8a62c849d49215a - Target Arguments="C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"	Create Process	0	6/24/2019 5:24:02 PM	6/24/2019 5:24:04 PM	LockDown	192.168.2.22	1076	C:\Windows\System32\svchost.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\rundll32.exe	69632 Bytes	Default	SYSTEM	GLSTR	Alert
5174	6/24/2019 5:25:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:24:09 PM	6/24/2019 5:24:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5175	6/24/2019 5:26:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:25:09 PM	6/24/2019 5:25:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5176	6/24/2019 5:27:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:26:09 PM	6/24/2019 5:26:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5177	6/24/2019 5:28:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:27:09 PM	6/24/2019 5:27:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5178	6/24/2019 5:29:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:28:09 PM	6/24/2019 5:28:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5179	6/24/2019 5:30:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:29:09 PM	6/24/2019 5:29:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5180	6/24/2019 5:31:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:30:09 PM	6/24/2019 5:30:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5181	6/24/2019 5:32:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:31:09 PM	6/24/2019 5:31:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5182	6/24/2019 5:33:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:32:09 PM	6/24/2019 5:32:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5183	6/24/2019 5:34:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:33:09 PM	6/24/2019 5:33:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5184	6/24/2019 5:35:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:34:09 PM	6/24/2019 5:34:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5185	6/24/2019 5:36:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:35:09 PM	6/24/2019 5:35:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5186	6/24/2019 5:37:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:36:09 PM	6/24/2019 5:36:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5187	6/24/2019 5:38:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:37:09 PM	6/24/2019 5:37:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5188	6/24/2019 5:39:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:38:09 PM	6/24/2019 5:38:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5189	6/24/2019 5:40:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:39:09 PM	6/24/2019 5:39:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5190	6/24/2019 5:41:14 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:40:09 PM	6/24/2019 5:40:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5191	6/24/2019 5:42:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:41:09 PM	6/24/2019 5:41:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5192	6/24/2019 5:43:12 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:42:09 PM	6/24/2019 5:42:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5193	6/24/2019 5:44:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:43:09 PM	6/24/2019 5:43:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5194	6/24/2019 5:45:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:44:09 PM	6/24/2019 5:44:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5195	6/24/2019 5:46:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:45:09 PM	6/24/2019 5:45:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5196	6/24/2019 5:47:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:46:09 PM	6/24/2019 5:46:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5197	6/24/2019 5:48:10 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:47:09 PM	6/24/2019 5:47:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5198	6/24/2019 5:49:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:48:09 PM	6/24/2019 5:48:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5199	6/24/2019 5:50:13 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:49:09 PM	6/24/2019 5:49:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5200	6/24/2019 5:51:09 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:50:09 PM	6/24/2019 5:50:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5201	6/24/2019 5:52:11 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:51:09 PM	6/24/2019 5:51:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert
5202	6/24/2019 5:52:23 PM	User Event	10	Block	Production	[AC6-1.1] Block etc hosts file modifications - Caller MD5=7ada2c13b4ddbd01c01c81b82745263f	File Write	0	6/24/2019 5:52:09 PM	6/24/2019 5:52:09 PM	Block modifications to hosts file | [AC6-1.1] Block etc hosts file modifications	192.168.2.22	5788	C:\Program Files\Fortinet\FortiClient\FCDBLog.exe	SCSI\Disk&Ven_NVMe&Prod_PC300_NVMe_SK_hy\000000	C:\Windows\System32\drivers\etc\hosts	824 Bytes	Default	SYSTEM	GLSTR	Alert