Hello, Kirill! Thanks for your reply. Are you looking for something specific? The gzipped logs are roughly 100 MB.
2023-Apr-13 03:35:41.131409 [ 5572] [INF] [LOG] Rotate log...
===============================================================================
Dr.Web Control Service for Windows v12.12.6.01180
Copyright (c) Doctor Web, Ltd., 1992-2023
Current arch: x64
Binary: x64
Operating System: Windows 11 x64 (Build 22621)
Command line: C:\Program Files\DrWeb\dwservice.exe --logfile=C:\ProgramData\Doctor Web\Logs\dwservice.log
===============================================================================
2023-Apr-13 03:35:41.131471 [ 7172] [INF] [arkdll]
id: 642441, timestamp: 13.04.2023 03:35:41.0127, type: FileVolWrite (1), flags: 1 (wait: 1)
sid: S-1-5-18, cid: 4/10056:\Device\HarddiskVolume3\Windows\system32\ntoskrnl.exe
unique id: 4-133257995482431473-18446735292665692160
hips: type: 2, action: ask [0]
type: 0, new: 0, suspicious: 0, cmd:
fileinfo: size: 11986304, easize: 404, attr: 0x20, buildtime: 07.07.1915 15:39:29.0000, ctime: 12.04.2023 04:31:36.0682, atime: 12.04.2023 20:59:20.0184, mtime: 12.04.2023 04:31:37.0014, descr: NT Kernel & System, ver: 10.0.22621.1555 (WinBuild.160101.0800), company: Microsoft Corporation, oname: ntkrnlmp.exe
signer: C=US|ST=Washington|L=Redmond|O=Microsoft Corporation|CN=Microsoft Windows, issuer: C=US|ST=Washington|L=Redmond|O=Microsoft Corporation|CN=Microsoft Windows Production PCA 2011, timestamp: 28.03.2023 05:38:13.0000, thumbprint: 58fd671e2d4d200ce92d6e799ec70df96e6d2664, eku: unknown [28], flags: 0x2a, hash alg: Sha256
catfile: {f750e6c3-38ee-11d1-85e5-00c04fc295ee}\microsoft-windows-client-desktop-required-package05142030~31bf3856ad364e35~amd64~~10.0.22621.1555.cat
creator name: Microsoft Windows
creator url: http://www.microsoft.com/windows
file sha1: b364388ebc1313a7d2dff39fdd0ec916f60c6c8a
file sha256: 35c9d3384ab1858b5460415ce752daa884dfd73eb25c02755909cd82a130103f
status: signed_catroot, sfc, pe64, driver, spc / signed_catroot / unknown / unknown / unknown / unknown
type: unknown, object: \Device\HarddiskVolume6
area: Unknown [1], offset: 0xef6a05000, size: 4096
id: 642441 ==> allowed [2], time: 0.075100 ms
...
2023-Apr-13 04:07:46.847864 [ 5236] [WRN] [bg-scan] scan result \Device\HarddiskVolume3\Windows\system32\drivers\etc\hosts infection: HOSTS:SUSPICIOUS.URL (type: 4; code: 8; )
2023-Apr-13 04:07:46.848022 [ 5236] [INF] [events uniter] registered virus component: component_guard, threat: HOSTS:SUSPICIOUS.URL, type: 0(ALERT_FILE_OBJECT), infection type: 4(Suspicious), action: 8( cured), user: SYSTEM, path: \Device\HarddiskVolume3\Windows\system32\drivers\etc\hosts
2023-Apr-13 04:07:46.848158 [ 5236] [INF] [events uniter] registered server event component: component_guard, threat: HOSTS:SUSPICIOUS.URL, type: 0(ALERT_FILE_OBJECT), infection type: 4(Suspicious), action: 8( cured), user: SYSTEM, path: \Device\HarddiskVolume3\Windows\system32\drivers\etc\hosts
...
2023-Apr-13 09:05:54.095179 [ 6872] [INF] [arkdll]
id: 836874, timestamp: 13.04.2023 09:05:54.0095, type: FileCreate (5), flags: 1 (wait: 1)
sid: S-1-5-21-1587951583-132931476-2871531754-1001, cid: 17932/11976:\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2302.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
context: start addr: 0x7ff91a6392d0, image: 0x7ff91a610000:\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
unique id: 17932-133258168196751663-140697325600768
behaviour: change_hosts, run_from_shortcut
hips: type: 1, action: allow [2]
type: 0, new: 0, suspicious: 0, cmd: "C:\Windows\System32\notepad.exe" C:\Windows\System32\drivers\etc\hosts
fileinfo: size: 958976, easize: 228, attr: 0x20, buildtime: 24.02.2023 19:54:10.0000, ctime: 03.04.2023 02:09:27.0869, atime: 12.04.2023 22:22:53.0245, mtime: 03.04.2023 02:09:28.0429, descr: Notepad.exe, ver: 11.2302.26.0, company: Microsoft Corporation, oname: Notepad.exe
file sha1: 867a33f328293063732a179df7ae95e897d8322f
file sha256: 5430e6254023f0803ee1107108ee3f24153647967b00667d70a8e95389e685e2
status: unsigned, pe64 / unsigned / unknown / unknown / unknown / unknown
file: \Device\HarddiskVolume3\Windows\System32\drivers\etc\hosts
access: 0x12019f, create options: 0x60, disposition: 0x3
id: 836874 ==> allowed [2], time: 0.131300 ms
...
2023-Apr-13 10:01:56.565401 [ 5236] [WRN] [bg-scan] scan result \Device\HarddiskVolume3\Windows\system32\drivers\etc\hosts infection: HOSTS:SUSPICIOUS.URL (type: 4; code: 8; )
2023-Apr-13 10:01:56.565447 [ 5236] [INF] [events uniter] registered virus component: component_guard, threat: HOSTS:SUSPICIOUS.URL, type: 0(ALERT_FILE_OBJECT), infection type: 4(Suspicious), action: 8( cured), user: SYSTEM, path: \Device\HarddiskVolume3\Windows\system32\drivers\etc\hosts
2023-Apr-13 10:01:56.565628 [ 5236] [INF] [events uniter] registered server event component: component_guard, threat: HOSTS:SUSPICIOUS.URL, type: 0(ALERT_FILE_OBJECT), infection type: 4(Suspicious), action: 8( cured), user: SYSTEM, path: \Device\HarddiskVolume3\Windows\system32\drivers\etc\hosts
...
Log ID 836874 is me having notepad.exe open to overwrite (when the Dr.Web alert about the neutralized threat appears :-))
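Pairing a bg-scan detection with the arkdll event that last wrote the same file, as the reply above does by hand for ID 836874, can be scripted. This is an added example, not Dr.Web code or the poster's; it assumes the field layout shown in the quoted excerpt (one `[arkdll]` header, `id:`/`cid:`/`behaviour:`/`file:` lines, closed by `id: N ==> verdict`), which other event types may not follow.

```python
import re
from datetime import datetime
# Constructed excerpt, trimmed from the arkdll and bg-scan lines quoted in the post above.
LOG = r"""2023-Apr-13 09:05:54.095179 [ 6872] [INF] [arkdll]
id: 836874, timestamp: 13.04.2023 09:05:54.0095, type: FileCreate (5), flags: 1 (wait: 1)
sid: S-1-5-21-1587951583-132931476-2871531754-1001, cid: 17932/11976:\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2302.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
behaviour: change_hosts, run_from_shortcut
file: \Device\HarddiskVolume3\Windows\System32\drivers\etc\hosts
id: 836874 ==> allowed [2], time: 0.131300 ms
2023-Apr-13 10:01:56.565401 [ 5236] [WRN] [bg-scan] scan result \Device\HarddiskVolume3\Windows\system32\drivers\etc\hosts infection: HOSTS:SUSPICIOUS.URL (type: 4; code: 8; )
"""

HEADER = re.compile(r"^(\S+ \S+) \[ *\d+\] \[\w+\] \[([^\]]+)\] ?(.*)$")
VERDICT = re.compile(r"^id: (\d+) ==> (\w+)")
CID = re.compile(r"cid: (\d+)/\d+:(.+)$")
SCAN = re.compile(r"scan result (\S+) infection: (\S+)")

def parse(text):
    """Return (arkdll events, bg-scan detections) from a dwservice.log excerpt."""
    events, scans, cur = [], [], None
    for line in text.splitlines():
        if h := HEADER.match(line):
            ts = datetime.strptime(h.group(1), "%Y-%b-%d %H:%M:%S.%f")
            if h.group(2) == "arkdll":              # multi-line event block follows
                cur = {"ts": ts}
            elif h.group(2) == "bg-scan" and (s := SCAN.search(h.group(3))):
                scans.append({"ts": ts, "path": s.group(1), "threat": s.group(2)})
        elif cur is None:                           # field line outside a block: skip
            continue
        elif v := VERDICT.match(line):              # "id: N ==> allowed [2]" closes the block
            cur["id"], cur["verdict"] = int(v.group(1)), v.group(2)
            events.append(cur)
            cur = None
        elif c := CID.search(line):                 # "cid: pid/tid:<image path>"
            cur["pid"], cur["process"] = int(c.group(1)), c.group(2)
        elif line.startswith("id: "):               # first field line carries the event type
            cur["type"] = re.search(r"type: (\w+)", line).group(1)
        elif (k := line.split(": ", 1)[0]) in ("behaviour", "file"):
            cur[k] = line[len(k) + 2:]
    return events, scans

def attribute(events, scans):
    """Pair each detection with the latest earlier allowed write to the same path."""
    out = []
    for s in scans:
        prior = [e for e in events if e["verdict"] == "allowed" and e["ts"] <= s["ts"]
                 and e.get("file", "").lower() == s["path"].lower()]
        last = prior[-1] if prior else None
        out.append((s["threat"], last and last["id"], last and last["process"]))
    return out
```

Paths are compared case-insensitively because the arkdll block reports `System32` while the bg-scan line reports `system32` for the same file.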